CVE-2021-23968

Summary

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox< 86affected
MozillaThunderbird< 78.8affected
MozillaFirefox ESR< 78.8affected

Weaknesses

  • Content Security Policy violation report could have contained the destination of a redirect

ADP Enrichment

CVE Program Container

Additional References

References