CVE-2021-23969
CVSS 3.1 base score: 4.3 (MEDIUM)
EPSS: 1.2%
Description
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
How to fix CVE-2021-23969
To fix CVE-2021-23969, upgrade the affected packages to the fixed versions listed below.
- — upgrade to 78.8.0esr-1 or later
- — upgrade to 1:78.8.0-1 or later
Is CVE-2021-23969 being exploited?
Low: the EPSS score is 1.2%, and no large-scale exploitation activity has been observed so far.
Affected packages (2)
- from 0, < 78.8.0esr-1
- from 0, < 1:78.8.0-1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (4.3) | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |