If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report, as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs.
External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968
Acknowledgments:
Name: the Mozilla project
Upstream: Ademar Nowasky Junior
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0655 https://access.redhat.com/errata/RHSA-2021:0655
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0659 https://access.redhat.com/errata/RHSA-2021:0659
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0657 https://access.redhat.com/errata/RHSA-2021:0657
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0658 https://access.redhat.com/errata/RHSA-2021:0658
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:0660 https://access.redhat.com/errata/RHSA-2021:0660
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0656 https://access.redhat.com/errata/RHSA-2021:0656
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:0662 https://access.redhat.com/errata/RHSA-2021:0662
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0661 https://access.redhat.com/errata/RHSA-2021:0661
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-23968