CVE-2011-2990

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 4.x through 5 SeaMonkey versions 2.x before 2.3

Description The issue is related to the implementation of Content Security Policy (CSP) violation reports, which does not properly remove proxy-authorization credentials from the listed request headers. This allows attackers to obtain sensitive information by reading a report. The problem is associated with incorrect host resolution that occurs with certain redirects.

Recommendations For Mozilla Firefox versions 4.x through 5, update to a version that properly handles CSP violation reports. For SeaMonkey versions 2.x before 2.3, update to version 2.3 or later to ensure correct handling of CSP violation reports.