Information Disclosure

2023-08-0612:05:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

firefox

thunderbird

information disclosure

vulnerability

malicious website

off-screen canvas

image data

browsing activity

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

31.9%

JSON

firefox and thunderbird are vulnerable to Information Disclosure. An attacker could exploit this vulnerability by creating a malicious website that would contain a specially crafted off-screen canvas element. When the victim visited the website, the off-screen canvas element would be able to access image data from other sites, even if those sites were not in the same origin. This could be used to steal the victim’s personal information or to track their browsing activity.

CPENameOperatorVersion
firefox:sideq81.0-2
firefox:sideq83.0-1
firefox:sideq82.0.3-1
firefox-esr:bullseyeeq78.5.0esr-1
firefox-esr:sideq78.8.0esr-1
firefox-esr:sideq78.5.0esr-1
thunderbird:sideq1:78.5.0-1
firefox:sideq81.0-2
firefox:sideq83.0-1
firefox:sideq82.0.3-1

Name	Operator	Version
firefox:sid	eq	81.0-2
firefox:sid	eq	83.0-1
firefox:sid	eq	82.0.3-1
firefox-esr:bullseye	eq	78.5.0esr-1
firefox-esr:sid	eq	78.8.0esr-1
firefox-esr:sid	eq	78.5.0esr-1
thunderbird:sid	eq	1:78.5.0-1
firefox:sid	eq	81.0-2
firefox:sid	eq	83.0-1
firefox:sid	eq	82.0.3-1