Information Disclosure Vulnerability in Mozilla Firefox and SeaMonkey
CVE-2014-1591

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Seamonkey
Vendor: CVE Published:; 11 December 2014

What is CVE-2014-1591?

In certain versions of Mozilla Firefox and SeaMonkey, an issue arises due to the inclusion of path strings in Content Security Policy (CSP) violation reports. This vulnerability allows remote attackers to gain access to sensitive information by leveraging a web page that processes a CSP report after a redirect. As a result, attackers can potentially expose user data, raising concerns regarding user privacy and security.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1069762

x_refsource_CONFIRM

http://www.mozilla.org/security/announce/2014/mfsa2014-86...

x_refsource_CONFIRM

https://security.gentoo.org/glsa/201504-01

vendor-advisoryx_refsource_GENTOO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Jan 16, 2014

JSON