Red Hat: CVE-2023-23602: CVE-2023-23602 Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers (Multiple Advisories)

Red Hat: CVE-2023-23602: CVE-2023-23602 Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers (Multiple Advisories)

Severity

7

CVSS

(AV:N/AC:M/Au:N/C:N/I:C/A:N)

Published

01/23/2023

Created

01/25/2023

Added

01/24/2023

Modified

01/28/2025

Description

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.

Solution(s)

• redhat-upgrade-firefox
• redhat-upgrade-firefox-debuginfo
• redhat-upgrade-firefox-debugsource
• redhat-upgrade-thunderbird
• redhat-upgrade-thunderbird-debuginfo
• redhat-upgrade-thunderbird-debugsource

References

• CVE-2023-23602
• RHSA-2023:0285
• RHSA-2023:0286
• RHSA-2023:0288
• RHSA-2023:0289
• RHSA-2023:0295
• RHSA-2023:0296
• RHSA-2023:0456
• RHSA-2023:0460
• RHSA-2023:0461
• RHSA-2023:0462
• RHSA-2023:0463
• RHSA-2023:0476

View more