ghsa-457f-c77p-7wc3
Vulnerability from github
Published
2023-06-02 18:30
Modified
2024-04-04 04:29
Severity
Details
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
{ "affected": [], "aliases": [ "CVE-2023-23602" ], "database_specific": { "cwe_ids": [ "CWE-754" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-06-02T17:15:10Z", "severity": "MODERATE" }, "details": "A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox \u003c 109, Thunderbird \u003c 102.7, and Firefox ESR \u003c 102.7.", "id": "GHSA-457f-c77p-7wc3", "modified": "2024-04-04T04:29:40Z", "published": "2023-06-02T18:30:18Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23602" }, { "type": "WEB", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1800890" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2023-01" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2023-02" }, { "type": "WEB", "url": "https://www.mozilla.org/security/advisories/mfsa2023-03" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }
Loading...