{"id":"CVE-2021-23968","details":"If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox \u003c 86, Thunderbird \u003c 78.8, and Firefox ESR \u003c 78.8.","modified":"2026-04-16T04:38:21.970810842Z","published":"2021-02-26T02:15:12.820Z","related":["SUSE-SU-2021:0659-1","SUSE-SU-2021:0661-1","SUSE-SU-2021:0667-1","SUSE-SU-2021:0676-1","SUSE-SU-2021:14657-1","openSUSE-SU-2021:0373-1","openSUSE-SU-2021:0387-1","openSUSE-SU-2024:10600-1","openSUSE-SU-2024:10601-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202104-09"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202104-10"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4866"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-07/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-08/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2021-09/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1687342"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"86.0"}]},{"events":[{"introduced":"0"},{"fixed":"78.8"}]},{"events":[{"introduced":"0"},{"fixed":"78.8"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23968.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}]}