CVE-2021-23968

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-23968

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23968.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-23968

Downstream

DEBIAN-CVE-2021-23968

DLA-2575-1

DLA-2578-1

DSA-4862-1

DSA-4866-1

OESA-2023-1673

OESA-2023-1674

RHSA-2021:0655

RHSA-2021:0656

RHSA-2021:0657

RHSA-2021:0658

RHSA-2021:0659

RHSA-2021:0660

RHSA-2021:0661

RHSA-2021:0662

SUSE-SU-2021:0659-1

SUSE-SU-2021:0661-1

SUSE-SU-2021:0667-1

SUSE-SU-2021:0676-1

SUSE-SU-2021:14657-1

UBUNTU-CVE-2021-23968

USN-4756-1

USN-4936-1

openSUSE-SU-2021:0373-1

openSUSE-SU-2021:0387-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Published

2021-02-26T02:15:12Z

Modified

2025-08-09T19:01:27Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

References

Affected packages