SB2021022603 - Improperly implemented security check for standard in firefox-esr (Alpine package)
Published: February 26, 2021
Security Bulletin ID
SB2021022603
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improperly implemented security check for standard (CVE-ID: CVE-2021-23969)
CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect implementation of W3C Content Security Policy. Under certain types of redirects Firefox incorrectly sets the source
file to be the destination of the redirects. A remote attacker can gain knowledge of the destination URL.
Remediation
Install update from vendor's website.