CVE-2023-23602Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox

CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-1385Missing Origin Validation in WebSockets15 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 66.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedJun 2

Description

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

CVEListV5mozilla/firefoxunspecified109
NVDmozilla/firefox< 109.0
CVEListV5mozilla/firefox_esrunspecified102.7
NVDmozilla/firefox_esr< 102.7
Ubuntumozilla/firefox< 109.0.1+build1-0ubuntu0.18.04.2+3

🔴Vulnerability Details

6
GHSA
GHSA-457f-c77p-7wc3: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored2023-06-02
OSV
CVE-2023-23602: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored2023-06-02
CVEList
Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers2023-06-02
OSV
firefox regressions2023-02-06
OSV
thunderbird vulnerabilities2023-02-06

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2023-02-06
Ubuntu
Firefox regressions2023-02-06
Ubuntu
Firefox vulnerabilities2023-01-23
Red Hat
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers2023-01-17
Debian
CVE-2023-23602: firefox - A mishandled security check when creating a WebSocket in a WebWorker caused the ...2023
CVE-2023-23602 — Mozilla Firefox vulnerability | cvebase