|Number of vulnerabilities||1|
firefox-esr (Alpine package)
Operating systems & Components / Operating system package or component
|Vendor||Alpine Linux Development Team|
This security bulletin contains one medium risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote attacker to bypass implemented security restrictions.The vulnerability exists due to incorrect implementation of W3C Content Security Policy. If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. A remote attacker can gain knowledge of sensitive information contained in such URIs. Mitigation
Install update from vendor's website.Vulnerable software versions
firefox-esr (Alpine package): 60.4.0-r0 - 78.7.1-r0
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?