Bugzilla – Bug 970381
VUL-0: CVE-2016-1955: MozillaFirefox: CSP reports fail to strip location information for embedded iframe pages (MFSA 2016-18)
Last modified: 2019-05-01 17:04:41 UTC
Security researcher Muneaki Nishimura reported that Content Security Policy (CSP) violation reports contained full path information for cross-origin iframe navigations in violation of the CSP specification. This could result in information disclosure.
bugbot adjusting priority
resolved in the main tracker bug 969894
*** This bug has been marked as a duplicate of bug 969894 ***