CVE-2011-2990: Mozilla Firefox vulnerability

CWE-255 | 6 documents | 4 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.5% (top 32.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 18
Latest update: May 17

Description

The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

NVD | mozilla/firefox | 4.0, 4.0.1, 5.0 (+2)
NVD | mozilla/seamonkey | 46 versions (+45)

Vulnerability Details (2)

GHSA | GHSA-wg36-2chp-pmhr: The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4 | 2022-05-17
CVEList | CVE-2011-2990: The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4 | 2011-08-18

Vendor Advisories (3)

Ubuntu | Libvoikko regression | 2011-10-19
Ubuntu | Firefox vulnerabilities | 2011-08-17
Ubuntu | Mozvoikko update | 2011-08-17