CVE-2021-23968
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD
Description
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Affected (5)
Products: Mozilla: Firefox, Firefox Esr, Thunderbird · Debian: Debian Linux
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 86.0 | |
| Before 78.8 | |
| Before 78.8 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.0 |
References (16)
Source: security@mozilla.org
Issue TrackingPermissions RequiredVendor Advisory
Source: security@mozilla.org
Mailing ListThird Party Advisory
Source: security@mozilla.org
Release NotesVendor Advisory
Source: security@mozilla.org
Release NotesVendor Advisory
Source: security@mozilla.org
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPermissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Timeline
No history available yet.