VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ceca-hscj-aaar

Essentials
Severities (102)
References (53)
Severity details (15)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-ceca-hscj-aaar
Aliases	CVE-2023-23602
Summary	A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-754	Improper Check for Unusual or Exceptional Conditions
CWE-1385	Missing Origin Validation in WebSockets

System	Score	Found at
cvssv3	6.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23602.json
epss	0.00080	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00080	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00100	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00110	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00110	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00110	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00110	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00110	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00110	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00110	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00110	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00110	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00110	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00110	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
epss	0.0028	https://api.first.org/data/v1/epss?cve=CVE-2023-23602
cvssv3.1	6.5	https://bugzilla.mozilla.org/show_bug.cgi?id=1800890
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1800890
cvssv3.1	6.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2023-23602
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2023-23602
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-01
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-02
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-03
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2023-01/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-01/
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2023-02/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-02/
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2023-03/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-03/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23602.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-23602
		https://bugzilla.mozilla.org/show_bug.cgi?id=1800890
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://www.mozilla.org/security/advisories/mfsa2023-01/
		https://www.mozilla.org/security/advisories/mfsa2023-02/
		https://www.mozilla.org/security/advisories/mfsa2023-03/
2162341		https://bugzilla.redhat.com/show_bug.cgi?id=2162341
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2023-23602		https://nvd.nist.gov/vuln/detail/CVE-2023-23602
mfsa2023-01		https://www.mozilla.org/en-US/security/advisories/mfsa2023-01
mfsa2023-02		https://www.mozilla.org/en-US/security/advisories/mfsa2023-02
mfsa2023-03		https://www.mozilla.org/en-US/security/advisories/mfsa2023-03
RHSA-2023:0285		https://access.redhat.com/errata/RHSA-2023:0285
RHSA-2023:0286		https://access.redhat.com/errata/RHSA-2023:0286
RHSA-2023:0288		https://access.redhat.com/errata/RHSA-2023:0288
RHSA-2023:0289		https://access.redhat.com/errata/RHSA-2023:0289
RHSA-2023:0290		https://access.redhat.com/errata/RHSA-2023:0290
RHSA-2023:0294		https://access.redhat.com/errata/RHSA-2023:0294
RHSA-2023:0295		https://access.redhat.com/errata/RHSA-2023:0295
RHSA-2023:0296		https://access.redhat.com/errata/RHSA-2023:0296
RHSA-2023:0456		https://access.redhat.com/errata/RHSA-2023:0456
RHSA-2023:0457		https://access.redhat.com/errata/RHSA-2023:0457
RHSA-2023:0459		https://access.redhat.com/errata/RHSA-2023:0459
RHSA-2023:0460		https://access.redhat.com/errata/RHSA-2023:0460
RHSA-2023:0461		https://access.redhat.com/errata/RHSA-2023:0461
RHSA-2023:0462		https://access.redhat.com/errata/RHSA-2023:0462
RHSA-2023:0463		https://access.redhat.com/errata/RHSA-2023:0463
RHSA-2023:0476		https://access.redhat.com/errata/RHSA-2023:0476
USN-5816-1		https://usn.ubuntu.com/5816-1/
USN-5824-1		https://usn.ubuntu.com/5824-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23602.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1800890

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T18:16:34Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1800890

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-23602

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-23602

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2023-01/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T18:16:34Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-01/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2023-02/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T18:16:34Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-02/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2023-03/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T18:16:34Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-03/

Exploit Prediction Scoring System (EPSS)

Percentile	0.36423
EPSS Score	0.00080
Published At	Dec. 27, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.