Lucene search

K
redhatcveRedhat.comRH:CVE-2023-23603
HistoryJan 19, 2023 - 12:06 p.m.

CVE-2023-23603

2023-01-1912:06:45
redhat.com
access.redhat.com
23
mozilla foundation
security advisory
regular expressions
forbidden properties
style directives
exfiltrated data
browser

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

45.3%

The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren’t accounting for external URLs. Data could then be potentially exfiltrated from the browser.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

45.3%