Main Vulnerability Database Vulnerabilities #VU23372

#VU23372 Origin validation error in Mozilla Firefox - CVE-2019-17014

Published: December 3, 2019

Vulnerability identifier: #VU23372

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-17014

CWE-ID: CWE-346

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when processing unsuccessfully loaded images in cases where the loaded data is not an image. Such image can be dragged and dropped cross-domain that will result in cross-domain information disclosure.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/

#VU23372 Origin validation error in Mozilla Firefox - CVE-2019-17014

Description

Remediation

External links

Please verify you're human