Vulnerability in Mozilla Firefox

CVE-2014-1591

Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect.

EPSS: 0.003 (50.9th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox — versions 33.0
Mozilla Seamonkey
N/a — versions n/a

Weakness classification (CWE)

CWE-199

References

security@mozilla.org (x_refsource_CONFIRM)
security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
GLSA-201504-01 (vendor-advisory, x_refsource_GENTOO)
security@mozilla.org (x_refsource_CONFIRM)