Security Advisory

CVE-2023-25728

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-06-02 00:00:00

Last updated 2025-01-10 17:40:06

Assigner mozilla

State PUBLISHED

Description

The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframes unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

← Browse all CVEs View on cve.org ↗