CVSS2: 4.3 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.006 Low (Percentile: 79.0%)

Security researcher Mario Gomes reported that when a previously loaded image on a page is dragged and dropped into content after a redirect, the redirected URL is available to scripts. This violates the Fetch specification’s defined behavior for “Atomic HTTP redirect handling”, which states that redirected URLs are not exposed to any APIs. This can allow for information leakage.

CPE

Name | Operator | Version |
---|---|---|
firefox | lt | 41 |
firefox esr | lt | 38.3 |
firefox os | lt | 2.5 |
seamonkey | lt | 2.38 |
thunderbird | lt | 38.3 |