Vulnerabilities > CVE-2023-23602 - Improper Check for Unusual or Exceptional Conditions vulnerability in Mozilla Firefox

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
mozilla
CWE-754
NVD
Published: 2023-06-02
Updated: 2023-06-08

Summary

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.

Vulnerable Configurations

Part Description Count
Application
Mozilla
1211

Common Weakness Enumeration (CWE)

References