CVE-2021-23969

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-23969

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23969.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-23969

Downstream

DEBIAN-CVE-2021-23969

DLA-2575-1

DLA-2578-1

DSA-4862-1

DSA-4866-1

OESA-2023-1673

OESA-2023-1674

RHSA-2021:0655

RHSA-2021:0656

RHSA-2021:0657

RHSA-2021:0658

RHSA-2021:0659

RHSA-2021:0660

RHSA-2021:0661

RHSA-2021:0662

SUSE-SU-2021:0659-1

SUSE-SU-2021:0661-1

SUSE-SU-2021:0667-1

SUSE-SU-2021:0676-1

SUSE-SU-2021:14657-1

UBUNTU-CVE-2021-23969

USN-4756-1

USN-4936-1

openSUSE-SU-2021:0373-1

openSUSE-SU-2021:0387-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Published

2021-02-26T02:15:12Z

Modified

2025-08-09T20:01:27Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

References

Affected packages