QID 356176

offscreen canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy.
This vulnerability affects firefox < 116, firefox esr < 102.14, and firefox esr < 115.1. (
( CVE-2023-4045) in some circumstances, a stale value could have been used for a global variable in wasm jit analysis.
This resulted in incorrect compilation and a potentially exploitable crash in the content process.
( CVE-2023-4046) a bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions.
( CVE-2023-4047) an out-of-bounds read could have led to an exploitable crash when parsing html with domparser in low memory situations.
( CVE-2023-4048) race conditions in reference counting code were found through code inspection.
These could have resulted in potentially exploitable use-after-free vulnerabilities.
( CVE-2023-4049) in some cases, an untrusted input stream was copied to a stack buffer without checking its size.
This resulted in a potentially exploitable crash which could have led to a sandbox escape.
( CVE-2023-4050) when the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state.
This could have caused requests to be sent with some cookies missing.
( CVE-2023-4055) memory safety bugs present in firefox 115, firefox esr 115.0, firefox esr 102.13, thunderbird 115.0, and thunderbird 102.13.
( CVE-2023-4056)

Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.