Bug 2228360 (CVE-2023-4045) - CVE-2023-4045 Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions
Summary: CVE-2023-4045 Mozilla: Offscreen Canvas could have bypassed cross-origin rest...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-4045
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2225291 2225292 2225293 2225294 2225295 2225296 2225297 2225298 2225299 2225300 2225303 2225304 2225305 2225306 2225307 2225308 2225309 2225310 2225311 2225312 2226760 2226761
Blocks: 2225289
TreeView+ depends on / blocked
 
Reported: 2023-08-02 07:46 UTC by Dhananjay Arunesh
Modified: 2023-08-07 13:14 UTC (History)
8 users (show)

Fixed In Version: firefox 102.14, firefox 115.1, thunderbird 102.14, thunderbird 115.1
Clone Of:
Environment:
Last Closed: 2023-08-07 13:14:54 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:4460 0 None None None 2023-08-03 12:36:07 UTC
Red Hat Product Errata RHSA-2023:4461 0 None None None 2023-08-03 12:56:23 UTC
Red Hat Product Errata RHSA-2023:4462 0 None None None 2023-08-03 12:56:41 UTC
Red Hat Product Errata RHSA-2023:4463 0 None None None 2023-08-03 12:58:09 UTC
Red Hat Product Errata RHSA-2023:4464 0 None None None 2023-08-03 12:57:56 UTC
Red Hat Product Errata RHSA-2023:4465 0 None None None 2023-08-03 12:58:59 UTC
Red Hat Product Errata RHSA-2023:4468 0 None None None 2023-08-03 13:51:19 UTC
Red Hat Product Errata RHSA-2023:4469 0 None None None 2023-08-03 13:45:01 UTC
Red Hat Product Errata RHSA-2023:4492 0 None None None 2023-08-07 08:10:22 UTC
Red Hat Product Errata RHSA-2023:4493 0 None None None 2023-08-07 08:25:03 UTC
Red Hat Product Errata RHSA-2023:4494 0 None None None 2023-08-07 08:23:25 UTC
Red Hat Product Errata RHSA-2023:4495 0 None None None 2023-08-07 08:37:28 UTC
Red Hat Product Errata RHSA-2023:4496 0 None None None 2023-08-07 08:37:55 UTC
Red Hat Product Errata RHSA-2023:4497 0 None None None 2023-08-07 08:40:05 UTC
Red Hat Product Errata RHSA-2023:4499 0 None None None 2023-08-07 08:39:37 UTC
Red Hat Product Errata RHSA-2023:4500 0 None None None 2023-08-07 08:45:12 UTC

Description Dhananjay Arunesh 2023-08-02 07:46:45 UTC 
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4045
Comment 1 errata-xmlrpc 2023-08-03 12:36:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:4460 https://access.redhat.com/errata/RHSA-2023:4460
Comment 2 errata-xmlrpc 2023-08-03 12:56:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:4461 https://access.redhat.com/errata/RHSA-2023:4461
Comment 3 errata-xmlrpc 2023-08-03 12:56:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4462 https://access.redhat.com/errata/RHSA-2023:4462
Comment 4 errata-xmlrpc 2023-08-03 12:57:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:4464 https://access.redhat.com/errata/RHSA-2023:4464
Comment 5 errata-xmlrpc 2023-08-03 12:58:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4463 https://access.redhat.com/errata/RHSA-2023:4463
Comment 6 errata-xmlrpc 2023-08-03 12:58:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4465 https://access.redhat.com/errata/RHSA-2023:4465
Comment 7 errata-xmlrpc 2023-08-03 13:45:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4469 https://access.redhat.com/errata/RHSA-2023:4469
Comment 8 errata-xmlrpc 2023-08-03 13:51:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4468 https://access.redhat.com/errata/RHSA-2023:4468
Comment 9 errata-xmlrpc 2023-08-07 08:10:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:4492 https://access.redhat.com/errata/RHSA-2023:4492
Comment 10 errata-xmlrpc 2023-08-07 08:23:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4494 https://access.redhat.com/errata/RHSA-2023:4494
Comment 11 errata-xmlrpc 2023-08-07 08:25:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4493 https://access.redhat.com/errata/RHSA-2023:4493
Comment 12 errata-xmlrpc 2023-08-07 08:37:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:4495 https://access.redhat.com/errata/RHSA-2023:4495
Comment 13 errata-xmlrpc 2023-08-07 08:37:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:4496 https://access.redhat.com/errata/RHSA-2023:4496
Comment 14 errata-xmlrpc 2023-08-07 08:39:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4499 https://access.redhat.com/errata/RHSA-2023:4499
Comment 15 errata-xmlrpc 2023-08-07 08:40:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4497 https://access.redhat.com/errata/RHSA-2023:4497
Comment 16 errata-xmlrpc 2023-08-07 08:45:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4500 https://access.redhat.com/errata/RHSA-2023:4500
Comment 17 Product Security DevOps Team 2023-08-07 13:14:52 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-4045
Note You need to log in before you can comment on or make changes to this bug.