CVE-2017-7842

Summary

If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 57affected

Weaknesses

  • Referrer Policy is not always respected for <link> elements

ADP Enrichment

CVE Program Container

Additional References

References