VYPR
Medium severity6.5NVD Advisory· Published Jun 2, 2023· Updated Jun 17, 2026

CVE-2023-23602

CVE-2023-23602

Description

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

38

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.