If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

CPENameOperatorVersion
debian_linuxeq9.0
debian_linuxeq10.0
firefoxlt86.0
firefox_esrlt78.8
thunderbirdlt78.8

Name	Operator	Version
debian_linux	eq	9.0
debian_linux	eq	10.0
firefox	lt	86.0
firefox_esr	lt	78.8
thunderbird	lt	78.8

References

bugzilla.mozilla.org/show_bug.cgi?id=1687342

lists.debian.org/debian-lts-announce/2021/03/msg00000.html

security.gentoo.org/glsa/202104-09

security.gentoo.org/glsa/202104-10

www.debian.org/security/2021/dsa-4866

www.mozilla.org/security/advisories/mfsa2021-07/

www.mozilla.org/security/advisories/mfsa2021-08/

www.mozilla.org/security/advisories/mfsa2021-09/

cve 1

redhatcve 1

veracode 1

nvd 1

ubuntucve 1

debiancve 1

alpinelinux 1

cvelist 1

threatpost 1

oraclelinux 4

nessus 46

mageia 2

openvas 23

mozilla 3

amazon 1

debian 4

almalinux 2

redhat 8

centos 2

osv 6

suse 2

kaspersky 3

altlinux 2

ibm 2

ubuntu 2

gentoo 2

rosalinux 2

cve

CVE-2021-23968

2021-02-26 02:15:12

redhatcve

CVE-2021-23968

2021-02-24 01:36:17

veracode

Information Disclosure

2021-02-25 00:06:30

nvd

CVE-2021-23968

2021-02-26 02:15:12

ubuntucve

CVE-2021-23968

2021-02-26 00:00:00

debiancve

CVE-2021-23968

2021-02-26 02:15:12

alpinelinux

CVE-2021-23968

2021-02-26 02:15:12

cvelist

CVE-2021-23968

2021-02-26 01:59:36

threatpost

Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie Tracking

2021-02-24 20:50:29

oraclelinux

firefox security update

2021-02-26 00:00:00

thunderbird security update

2021-02-26 00:00:00

firefox security update

2021-02-26 00:00:00

nessus

RHEL 8 : firefox (RHSA-2021:0655)

2021-02-24 00:00:00

RHEL 8 : thunderbird (RHSA-2021:0657)

2021-02-24 00:00:00

RHEL 8 : thunderbird (RHSA-2021:0658)

2021-02-24 00:00:00

mageia

Updated firefox packages fix security vulnerabilities

2021-03-04 15:26:19

Updated thunderbird packages fix security vulnerabilities

2021-03-04 15:26:19

openvas

Debian: Security Advisory (DSA-4866-1)

2021-03-02 00:00:00

CentOS: Security Advisory for thunderbird (CESA-2021:0661)

2021-02-28 00:00:00

Mozilla Thunderbird Security Advisories (MFSA2021-06, MFSA2021-09) - Mac OS X

2021-02-24 00:00:00

mozilla

Security Vulnerabilities fixed in Thunderbird 78.8 — Mozilla

2021-02-23 00:00:00

Security Vulnerabilities fixed in Firefox ESR 78.8 — Mozilla

2021-02-23 00:00:00

Security Vulnerabilities fixed in Firefox 86 — Mozilla

2021-02-23 00:00:00

amazon

Important: thunderbird

2021-03-18 01:13:00

debian

[SECURITY] [DLA 2575-1] firefox-esr security update

2021-02-25 10:48:48

[SECURITY] [DLA 2578-1] thunderbird security update

2021-03-01 14:44:10

[SECURITY] [DSA 4862-1] firefox-esr security update

2021-02-24 19:23:08

almalinux

Important: thunderbird security update

2021-02-24 14:31:21

Critical: firefox security update

2021-02-24 14:17:36

redhat

(RHSA-2021:0661) Important: thunderbird security update

2021-02-24 14:32:26

(RHSA-2021:0655) Critical: firefox security update

2021-02-24 14:17:36

(RHSA-2021:0662) Important: thunderbird security update

2021-02-24 14:32:51

centos

thunderbird security update

2021-02-27 14:34:56

firefox security update

2021-02-27 14:34:20

osv

firefox-esr - security update

2021-02-25 00:00:00

thunderbird - security update

2021-03-01 00:00:00

thunderbird - security update

2021-02-28 00:00:00

suse

Security update for MozillaFirefox (important)

2021-03-03 00:00:00

Security update for MozillaThunderbird (important)

2021-03-06 00:00:00

kaspersky

KLA12092 Multiple vulnerabilities in Mozilla Thunderbird

2021-02-23 00:00:00

KLA12091 Multiple vulnerabilities in Mozilla Firefox ESR

2021-02-23 00:00:00

KLA12090 Multiple vulnerablities in Mozilla Firefox

2021-02-23 00:00:00

altlinux

Security fix for the ALT Linux 10 package firefox-esr version 78.8.0-alt1

2021-02-23 00:00:00

Security fix for the ALT Linux 10 package thunderbird version 78.8.0-alt1

2021-02-25 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.9.0 ESR + CVE-2021-23978) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF13 + CP4MCM2.2

2021-05-12 02:37:56

Security Bulletin: Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring

2021-05-18 11:41:03

ubuntu

Thunderbird vulnerabilities

2021-05-06 00:00:00

Firefox vulnerabilities

2021-02-26 00:00:00

gentoo

Mozilla Thunderbird: Multiple vulnerabilities

2021-04-30 00:00:00

Mozilla Firefox: Multiple vulnerabilities

2021-04-30 00:00:00

rosalinux

Advisory ROSA-SA-2021-1986

2021-07-02 18:16:55

Advisory ROSA-SA-2021-1835

2021-07-02 16:43:38

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

4.8 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.3%

JSON

Related for PRION:CVE-2021-23968