VYPR
Unrated severityNVD Advisory· Published Jun 2, 2023· Updated Dec 18, 2025

Calls to console.log allowed bypassing Content Security Policy via format directive

CVE-2023-23603

Description

Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

39

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.