Origin validation error in Mozilla Firefox - CVE-2019-17014
Published: December 3, 2019
Vulnerability identifier: #VU23372
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-17014
CWE-ID: CWE-346
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox
Mozilla Firefox
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when processing unsuccessfully loaded images in cases where the loaded data is not an image. Such image can be dragged and dropped cross-domain that will result in cross-domain information disclosure.
How to mitigate CVE-2019-17014
Install updates from vendor's website.