CVE-2023-23602

CVSS v3.1 6.5 (Medium)

EPSS 0.10 % (42^th)

Affected Products 3

Advisories 36

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.

Weaknesses

CWE-754: Improper Check for Unusual or Exceptional Conditions

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2023-06-02 17:15:10
(15 months ago)
Updated Date: 2023-06-08 16:34:02
(15 months ago)

Affected Products

Mozilla

Firefox
Firefox Esr
Thunderbird

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 109.0 version	cpe:2.3:a:mozilla:firefox	< 109.0
Mozilla Firefox Esr prior 102.7 version	cpe:2.3:a:mozilla:firefox_esr	< 102.7
Mozilla Thunderbird prior 102.7 version	cpe:2.3:a:mozilla:thunderbird	< 102.7