The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2023-06-02T00:00:00

Updated: 2024-08-02T11:32:12.356Z

Reserved: 2023-02-13T00:00:00

Link: CVE-2023-25728

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-02T17:15:11.003

Modified: 2024-11-21T07:50:01.727

Link: CVE-2023-25728

cve-icon Redhat

Severity : Important

Publid Date: 2023-02-14T00:00:00Z

Links: CVE-2023-25728 - Bugzilla