When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86.
CVE Status: Modified
Attribute | Value |
---|---|
Attack Complexity | LOW |
Attack Vector | NETWORK |
Availability Impact | NONE |
Base Score | 6.5 |
Base Severity | MEDIUM |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Privileges Required | NONE |
Scope | UNCHANGED |
User Interaction | REQUIRED |
Vector String | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Exploitability Score | 2.8 |
Impact Score | 3.6 |
Source | [email protected] |
Type | Primary |