Security Advisory

CVE-2023-6868

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-19 13:38:50

Last updated 2025-02-13 17:26:40

Assigner mozilla

State PUBLISHED

Description

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.

← Browse all CVEs View on cve.org ↗