CVE-2014-1591: Sensitive Info Insertion into Sent Data in Mozilla SeaMonkey

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.3% (top 49.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 11; Latest update May 17

Description

Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

Ubuntu: mozilla/firefox < 34.0+build2-0ubuntu0.14.04.1
NVD: mozilla/firefox 33.0

🔴 Vulnerability Details (3)

GHSA: GHSA-2h6h-f2x3-xhhh: Mozilla Firefox 33 (2022-05-17)
CVEList: CVE-2014-1591: Mozilla Firefox 33 (2014-12-11)
OSV: CVE-2014-1591: Mozilla Firefox 33 (2014-12-02)

📋 Vendor Advisories (2)

Ubuntu: Firefox vulnerabilities (2014-12-02)
Red Hat: Mozilla: CSP leaks redirect data via violation reports (MFSA 2014-86) (2014-12-02)

💬 Community (1)

Bugzilla: CVE-2014-1591 Mozilla: CSP leaks redirect data via violation reports (MFSA 2014-86) (2014-12-01)