PT-2022-6826 · Mozilla+9 · Thunderbird+11

Dave Vandyke

Published

2022-11-16

Updated

2025-01-10

CVE-2023-23602

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 109 Thunderbird versions prior to 102.7 Firefox ESR versions prior to 102.7

Description A security issue was found in the handling of WebSocket creation within WebWorkers, causing the Content Security Policy connect-src header to be bypassed. This could allow connections to restricted origins from inside WebWorkers. The vulnerability may be exploited by a remote attacker to impact data integrity.

Recommendations For Firefox versions prior to 109, update to version 109 or later to resolve the issue. For Thunderbird versions prior to 102.7, update to version 102.7 or later to resolve the issue. For Firefox ESR versions prior to 102.7, update to version 102.7 or later to resolve the issue.

Exploit

Fix

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

ALSA-2023:0285

ALSA-2023:0288

ALSA-2023:0463

ALSA-2023:0476

ALT-PU-2023-1084

ALT-PU-2023-1119

ALT-PU-2023-1140

ALT-PU-2023-1193

ALT-PU-2023-1243

ALT-PU-2023-1315

ALT-PU-2023-1478

ALT-PU-2023-1758

ALT-PU-2023-4335

ALT-PU-2023-4365

ALT-PU-2023-5754

ALT-PU-2024-3614

BDU:2023-04828

CESA-2023_0288

CESA-2023_0296

CESA-2023_0456

CESA-2023_0463

CVE-2023-23602

DLA-3275-1

DLA-3324-1

DSA-5322-1

DSA-5355-1

MGASA-2023-0018

MGASA-2023-0034

OESA-2023-1673

OESA-2023-1674

OESA-2024-2057

OESA-2024-2058

OESA-2024-2120

OPENSUSE-SU-2023_0113-1

OPENSUSE-SU-2023_0329-1

OPENSUSE-SU-2024:12623-1

OPENSUSE-SU-2024:12627-1

OPENSUSE-SU-2024:12652-1

OPENSUSE-SU-2024:14572-1

RHSA-2023:0285

RHSA-2023:0286

RHSA-2023:0288

RHSA-2023:0289

RHSA-2023:0290

RHSA-2023:0294

RHSA-2023:0295

RHSA-2023:0296

RHSA-2023:0456

RHSA-2023:0457

RHSA-2023:0459

RHSA-2023:0460

RHSA-2023:0461

RHSA-2023:0462

RHSA-2023:0463

RHSA-2023:0476

RHSA-2023_0285

RHSA-2023_0288

RHSA-2023_0296

RHSA-2023_0456

RHSA-2023_0463

RHSA-2023_0476

RLSA-2023:0285

RLSA-2023:0288

RLSA-2023:0463

RLSA-2023:0476

SUSE-SU-2023:0111-1

SUSE-SU-2023:0112-1

SUSE-SU-2023:0113-1

SUSE-SU-2023:0329-1

USN-5816-1

USN-5816-2

USN-5824-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2022-6826 · Mozilla+9 · Thunderbird+11

CVE-2023-23602

Weakness Enumeration

Related Identifiers

Affected Products

References · 2302