Inadequate Regular Expression Filtering in Console.log Allows Exfiltration of Data from Firefox, Thunderbird, and Firefox ESR

CVE-2023-23603 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
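The filtering weakness described above, as an added example (not Firefox's code and not taken from the advisory): a blocklist regex that knows a single spelling of a resource reference, beside an allowlist filter for the style text of a %c directive. The property list, function list, function names and sample inputs are constructed assumptions.

```javascript
// Hypothetical sanitizer for the CSS text attached to a %c directive.
// The allowed property and function lists below are assumptions.
const ALLOWED_PROPS = new Set(["color", "background", "background-color",
  "font-weight", "font-size", "font-style", "padding", "margin", "border"]);
const ALLOWED_FUNCS = new Set(["rgb", "rgba", "hsl", "hsla"]);

// Blocklist check (the fragile pattern): it recognises one spelling only.
function naiveIsSafe(style) {
  return !/url\(/.test(style);
}

// Allowlist check: each declaration needs a known property, a value built
// from plain characters, and only functions that cannot load a resource.
function strictFilter(style) {
  const kept = [];
  for (const decl of style.split(";")) {
    const idx = decl.indexOf(":");
    if (idx === -1) continue;
    const prop = decl.slice(0, idx).trim().toLowerCase();
    const value = decl.slice(idx + 1).trim();
    if (!ALLOWED_PROPS.has(prop)) continue;
    // No quotes, backslashes (CSS escapes), slashes or colons are accepted,
    // so the value has no way to spell a URL.
    if (!/^[a-z0-9#%.,\s()-]+$/i.test(value)) continue;
    const funcs = [...value.matchAll(/([a-z0-9-]+)\s*\(/gi)]
      .map((m) => m[1].toLowerCase());
    if (!funcs.every((f) => ALLOWED_FUNCS.has(f))) continue;
    kept.push(`${prop}: ${value}`);
  }
  return kept.join("; ");
}

// Constructed sample inputs (collector.invalid is a placeholder host).
const SAMPLES = {
  benign: "color: rgb(255, 0, 0); font-weight: bold; position: fixed",
  plainUrl: "background: url(https://collector.invalid/p.png)",
  otherForm: 'background: image-set("https://collector.invalid/p.png" 1x)',
};

for (const [name, style] of Object.entries(SAMPLES)) {
  console.log(name, "| naive safe:", naiveIsSafe(style),
    "| strict keeps:", JSON.stringify(strictFilter(style)));
}
```

The third sample passes the blocklist check but is dropped by the allowlist filter, which is the difference between matching known-bad spellings and accepting only known-good values.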