Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News
Sign In Sign Up

CVE-2021-23969

UNKNOWN
Published 2021-02-26T01:57:45
Actions:
No CVSS data available

Description

As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Mozilla

Firefox

Affected Versions:

< 86
Mozilla

Thunderbird

Affected Versions:

< 78.8
Mozilla

Firefox ESR

Affected Versions:

< 78.8

References

https://www.mozilla.org/security/advisories/mfsa2021-07/
https://www.mozilla.org/security/advisories/mfsa2021-09/
https://www.mozilla.org/security/advisories/mfsa2021-08/
https://bugzilla.mozilla.org/show_bug.cgi?id=1542194
https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html
https://www.debian.org/security/2021/dsa-4866
https://security.gentoo.org/glsa/202104-10
https://security.gentoo.org/glsa/202104-09
Published: 2021-02-26T01:57:45
Last Modified: 2024-08-03T19:14:09.977Z
Copied to clipboard!