Generation of Error Message Containing Sensitive Information

CVE-2021-23968

Medium

4.3/10

Summary

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-209 - Generation of Error Message Containing Sensitive Information

The software generates an error message that includes sensitive information about its environment, users, or associated data.

References

Advisory Timeline

Published Feb 26, 2021

Generation of Error Message Containing Sensitive Information

CVE-2021-23968

Summary

CWE-209 - Generation of Error Message Containing Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS