Security Advisory

CVE-2021-23968

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-02-26 01:59:36

Last updated 2024-08-03 19:14:09

Assigner mozilla

State PUBLISHED

Description

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

← Browse all CVEs View on cve.org ↗