CVE-2023-34415
CVSS v3.1
6.1 (Medium)
EPSS
0.06 % (26th)
Affected Products
1
Advisories
3
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114.
Weaknesses
- CWE-601
- URL Redirection to Untrusted Site ('Open Redirect')
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2023-06-19 11:15:10
(15 months ago) - Updated Date
-
2024-01-07 11:15:11
(8 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...