Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-6868

Опубликовано: 19 дек. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 4.3

Описание

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox < 121.

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

not-affected

code not present
esm-infra/focal

DNE

focal

not-affected

android only
jammy

not-affected

code not present
lunar

ignored

end of life, was needs-triage
mantic

not-affected

code not present
noble

not-affected

code not present
trusty

ignored

end of standard support
upstream

not-affected

debian: Android-specific

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

ignored

esm-apps/noble

ignored

esm-infra/focal

DNE

focal

DNE

jammy

ignored

lunar

ignored

end of life, was needs-triage
mantic

ignored

end of life, was needs-triage
noble

ignored

trusty

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

DNE

esm-apps/bionic

ignored

esm-infra/focal

DNE

focal

DNE

jammy

DNE

lunar

DNE

mantic

DNE

noble

DNE

trusty

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

DNE

esm-apps/focal

ignored

esm-infra/bionic

ignored

focal

ignored

jammy

DNE

lunar

DNE

mantic

DNE

noble

DNE

trusty

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra/focal

ignored

focal

ignored

jammy

DNE

lunar

DNE

mantic

DNE

noble

DNE

trusty

DNE

upstream

ignored

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/jammy

ignored

esm-infra/focal

DNE

focal

DNE

jammy

ignored

lunar

ignored

end of life, was needs-triage
mantic

DNE

noble

DNE

trusty

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra/focal

DNE

focal

DNE

jammy

ignored

lunar

DNE

mantic

DNE

noble

DNE

trusty

DNE

upstream

ignored

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

not-affected

esm-infra/focal

DNE

focal

not-affected

jammy

not-affected

lunar

ignored

end of life, was needed
mantic

not-affected

noble

not-affected

trusty

ignored

end of standard support
upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 41%
0.00222
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2023-6868

CVSS3: 4.3
nvd
почти 2 года назад

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.

debian логотип

CVE-2023-6868

CVSS3: 4.3
debian
почти 2 года назад

In some instances, the user-agent would allow push requests which lack ...

github логотип

GHSA-3xch-57qj-5x2p

CVSS3: 4.3
github
почти 2 года назад

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.

fstec логотип

BDU:2023-08952

CVSS3: 5.3
fstec
почти 2 года назад

Уязвимость push-уведомлений браузера Mozilla Firefox операционных систем Android, позволяющая нарушителю получить несанкционированный доступ к ограниченным функциям

EPSS

Процентиль: 41%
0.00222
Низкий

4.3 Medium

CVSS3

Уязвимость CVE-2023-6868