CVE-2023-6868
Published: 2023-12-19
Severity: Medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.
*This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| mozilla | firefox | < 121.0 | 121.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 121 | 121 |
CVSS provenance
nvd: v3.1, 4.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv: 4.3 MEDIUM
Debian
CVE-2023-6868: firefox - In some instances, the user-agent would allow push requests which lacked a valid...
vendor_debian·2023·CVSS 4.3
CVE-2023-6868 [MEDIUM] CVE-2023-6868: firefox - In some instances, the user-agent would allow push requests which lacked a valid...
In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2023-56: CVE-2023-6868
vendor_mozilla·CVSS 4.3
CVE-2023-6868 [MEDIUM] Mozilla Foundation Security Advisory 2023-56: CVE-2023-6868
Mozilla Foundation Security Advisory 2023-56
CVE: CVE-2023-6868
Product: Firefox
Impact: high
Fixed in: Firefox 121
OSV
CVE-2023-6868: In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one
osv·2023-12-19·CVSS 4.3
CVE-2023-6868 [MEDIUM] CVE-2023-6868: In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one
In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.
GHSA
GHSA-3xch-57qj-5x2p: In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one
ghsa_unreviewed·2023-12-19
CVE-2023-6868 [MEDIUM] GHSA-3xch-57qj-5x2p: In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one
In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.
*This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1865488
https://security.gentoo.org/glsa/202401-10
https://www.mozilla.org/security/advisories/mfsa2023-56/
Published: 2023-12-19