CVSS 3.1 Score 4.3 of 10 (medium)


Published Dec 19, 2023
Updated: Feb 2, 2024


The vulnerability with the CVE ID CVE-2023-6868 affects Firefox on Android. It allows unauthorized parties to send empty messages through push requests, even though the push manager subscription defined a valid VAPID. This vulnerability affects Firefox versions prior to 121. The potential danger it poses to organizations is rated as MEDIUM severity, with a base score of 4.3. No privileges are required, but user interaction is required for exploitation. The attack vector is through the network, and the impact on integrity is low while there is no impact on confidentiality. The exploitability score is 2.8 out of 10, indicating a moderate level of exploitability. Remediation would involve updating Firefox to version 121 or later to mitigate this vulnerability.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-6868 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options