CVE-2024-5693

Summary

Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 127affected
MozillaFirefox ESRunspecified < 115.12affected
MozillaThunderbirdunspecified < 115.12affected

Weaknesses

  • Cross-Origin Image leak via Offscreen Canvas

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References