Back to search
CVE-2023-23602
Published: Jun 2, 2023
Modified: Dec 18, 2025
PUBLISHED
Description
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
| Vendor | Product | Versions |
|---|---|---|
Mozilla | Firefox | affected unspecified - < 109 |
Mozilla | Firefox ESR | affected unspecified - < 102.7 |
Mozilla | Thunderbird | affected unspecified - < 102.7 |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now