CVE-2021-23971

Summary

When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox< 86affected

Weaknesses

  • A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer

ADP Enrichment

CVE Program Container

Additional References

References