NVD Vulnerability Detail

CVE-2021-23969

Summary	As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Publication Date	Feb. 26, 2021, 11:15 a.m.
Registration Date	Feb. 26, 2021, 4:02 p.m.
Last Update	Nov. 21, 2024, 2:52 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://bugzilla.mozilla.org/show_bug.cgi?id=1542194	Issue Tracking Permissions Required Vendor Advisory
2	https://bugzilla.mozilla.org/show_bug.cgi?id=1542194	Issue Tracking Permissions Required Vendor Advisory
3	https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html	Mailing List Third Party Advisory
4	https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html	Mailing List Third Party Advisory
5	https://security.gentoo.org/glsa/202104-09	Third Party Advisory
6	https://security.gentoo.org/glsa/202104-09	Third Party Advisory
7	https://security.gentoo.org/glsa/202104-10	Third Party Advisory
8	https://security.gentoo.org/glsa/202104-10	Third Party Advisory
9	https://www.debian.org/security/2021/dsa-4866	Third Party Advisory
10	https://www.debian.org/security/2021/dsa-4866	Third Party Advisory
11	https://www.mozilla.org/security/advisories/mfsa2021-07/	Release Notes Vendor Advisory
12	https://www.mozilla.org/security/advisories/mfsa2021-07/	Release Notes Vendor Advisory
13	https://www.mozilla.org/security/advisories/mfsa2021-08/	Release Notes Vendor Advisory
14	https://www.mozilla.org/security/advisories/mfsa2021-08/	Release Notes Vendor Advisory
15	https://www.mozilla.org/security/advisories/mfsa2021-09/	Release Notes Vendor Advisory
16	https://www.mozilla.org/security/advisories/mfsa2021-09/	Release Notes Vendor Advisory

Common Vulnerabilities List

JVN Vulnerability Information

Mozilla Firefox および Thunderbird における脆弱性

Title	Mozilla Firefox および Thunderbird における脆弱性
Summary	Mozilla Firefox および Thunderbird には、不特定の脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 23, 2021, midnight
Registration Date	Nov. 16, 2021, 5:26 p.m.
Last Update	Nov. 16, 2021, 5:26 p.m.

Affected System

Mozilla Foundation

Mozilla Firefox 86 未満

Mozilla Firefox ESR 78.8 未満

Mozilla Thunderbird 78.8 未満

Debian

Debian GNU/Linux

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-23969	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23969
National Vulnerability Database (NVD)
2	CVE-2021-23969	https://nvd.nist.gov/vuln/detail/CVE-2021-23969

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Debian
1	[SECURITY] [DLA 2578-1] thunderbird security update	https://lists.debian.org/debian-lts-announce/2021/03/msg00000.html
Debian Security Advisory
2	DSA-4866-1	https://www.debian.org/security/2021/dsa-4866
Mozilla Foundation Security Advisory
3	MFSA2021-07	https://www.mozilla.org/security/advisories/mfsa2021-07/
4	MFSA2021-08	https://www.mozilla.org/security/advisories/mfsa2021-08/
5	MFSA2021-09	https://www.mozilla.org/security/advisories/mfsa2021-09/

Change Log

No	Changed Details	Date of change
1	[2021年11月16日] 掲載	Nov. 16, 2021, 5:26 p.m.