CVE-2023-4045

2023-08-0115:15:09

Alpine Linux Development Team

security.alpinelinux.org

offscreen canvas

cross-origin tainting

firefox

vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.9%

JSON

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchfirefox-esr< 115.1.0-r0UNKNOWN
Alpine3.18-communitynoarchfirefox-esr< 115.1.0-r0UNKNOWN
Alpine3.19-communitynoarchfirefox-esr< 115.1.0-r0UNKNOWN
Alpine3.20-communitynoarchfirefox-esr< 115.1.0-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	firefox-esr	< 115.1.0-r0	UNKNOWN
Alpine	3.18-community	noarch	firefox-esr	< 115.1.0-r0	UNKNOWN
Alpine	3.19-community	noarch	firefox-esr	< 115.1.0-r0	UNKNOWN
Alpine	3.20-community	noarch	firefox-esr	< 115.1.0-r0	UNKNOWN