Lucene search

[email protected]NVD:CVE-2024-5693

HistoryJun 11, 2024 - 1:15 p.m.

CVE-2024-5693

2024-06-1113:15:50

CWE-829

[email protected]

web.nvd.nist.gov

offscreen canvas

cross-origin tainting

firefox

same-origin policy

vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

10.3%

JSON

Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

References

bugzilla.mozilla.org/show_bug.cgi?id=1891319

lists.debian.org/debian-lts-announce/2024/06/msg00000.html

lists.debian.org/debian-lts-announce/2024/06/msg00010.html

www.mozilla.org/security/advisories/mfsa2024-25/

www.mozilla.org/security/advisories/mfsa2024-26/

www.mozilla.org/security/advisories/mfsa2024-28/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

10.3%

JSON

Related for NVD:CVE-2024-5693

alpinelinux1 redhatcve1 ubuntucve1 debiancve1 vulnrichment1 cve1 cvelist1 wolfi1 osv14 openvas18 oraclelinux6 almalinux4 nessus52 rocky4 ubuntu2 mageia2 debian1 mozilla3 kaspersky3 slackware1