CVE-2023-23602
CVSS v3.1
6.5 (Medium)
EPSS
0.10 % (42th)
Affected Products
3
Advisories
36
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
Weaknesses
- CWE-754
- Improper Check for Unusual or Exceptional Conditions
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2023-06-02 17:15:10
(15 months ago) - Updated Date
-
2023-06-08 16:34:02
(15 months ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...