CVE-2021-23968 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Information disclosure
Description	A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1601	thunderbird	78.7.1-1	78.8.0-1	High	Fixed
AVG-1599	firefox	85.0.2-1	86.0-1	High	Fixed

References
https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23968 https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23968 https://bugzilla.mozilla.org/show_bug.cgi?id=1687342

References

https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23968
https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23968
https://bugzilla.mozilla.org/show_bug.cgi?id=1687342