#VU50879 Improperly implemented security check for standard in Mozilla Firefox and Firefox ESR - CVE-2021-23969

 


Published: February 23, 2021


Vulnerability identifier: #VU50879
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-23969
CWE-ID: CWE-358
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Mozilla Firefox
Firefox ESR
Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an incorrect implementation of the W3C Content Security Policy. Under certain types of redirects, Firefox incorrectly sets the source file to the destination of the redirect. A remote attacker can gain knowledge of the destination URL.


Remediation

Install updates from the vendor's website.
