Information Disclosure Vulnerability in Mozilla Firefox and SeaMonkey
CVE-2014-1591

Currently unrated

Key Information:

Vendor
Mozilla
Status
Firefox
Seamonkey
Vendor
CVE Published:
11 December 2014

Summary

In certain versions of Mozilla Firefox and SeaMonkey, an issue arises due to the inclusion of path strings in Content Security Policy (CSP) violation reports. This vulnerability allows remote attackers to gain access to sensitive information by leveraging a web page that processes a CSP report after a redirect. As a result, attackers can potentially expose user data, raising concerns regarding user privacy and security.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1069762
x_refsource_CONFIRM
http://www.mozilla.org/security/announce/2014/mfsa2014-86...
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201504-01
vendor-advisoryx_refsource_GENTOO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2014-1591 : Information Disclosure Vulnerability in Mozilla Firefox and SeaMonkey | SecurityVulnerability.io