If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla firefox esr |
||
mozilla thunderbird |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |