Improperly implemented security check for standard in Mozilla Firefox and Firefox ESR - CVE-2021-23969

 

Improperly implemented security check for standard in Mozilla Firefox and Firefox ESR - CVE-2021-23969

Published: February 23, 2021


Vulnerability identifier: #VU50879
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-23969
CWE-ID: CWE-358
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox
Firefox ESR

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of W3C Content Security Policy. Under certain types of redirects Firefox incorrectly sets the source file to be the destination of the redirects. A remote attacker can gain knowledge of the destination URL.


How to mitigate CVE-2021-23969

Install updates from vendor's website.

Sources