CVE-2023-6868

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.
References
Configurations

Configuration 1

AND
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

02 Feb 2024, 02:28

Type Values Removed Values Added
References () https://security.gentoo.org/glsa/202401-10 - () https://security.gentoo.org/glsa/202401-10 - Third Party Advisory

07 Jan 2024, 11:15

Type Values Removed Values Added
References
  • () https://security.gentoo.org/glsa/202401-10 -

22 Dec 2023, 10:52

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
CPE cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Summary
  • (es) In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.
CWE NVD-CWE-noinfo
First Time Mozilla
Google
Google android
Mozilla firefox
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1865488 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1865488 - Issue Tracking, Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2023-56/ - () https://www.mozilla.org/security/advisories/mfsa2023-56/ - Vendor Advisory

19 Dec 2023, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-19 14:15

Updated : 2024-02-02 02:28


NVD link : CVE-2023-6868

Mitre link : CVE-2023-6868

CVE.ORG link : CVE-2023-6868



Products Affected

google

  • android

mozilla

  • firefox