PT-2011-4229 · Mozilla · Firefox+1

Published

2011-08-16

Updated

2024-12-12

CVE-2011-2990

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 4.x through 5 SeaMonkey versions 2.x before 2.3

Description The issue is related to the implementation of Content Security Policy (CSP) violation reports, which does not properly remove proxy-authorization credentials from the listed request headers. This allows attackers to obtain sensitive information by reading a report. The problem is associated with incorrect host resolution that occurs with certain redirects.

Recommendations For Mozilla Firefox versions 4.x through 5, update to a version that properly handles CSP violation reports. For SeaMonkey versions 2.x before 2.3, update to version 2.3 or later to ensure correct handling of CSP violation reports.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2011-2990

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

Affected Products

Firefox

Seamonkey

PT-2011-4229 · Mozilla · Firefox+1

CVE-2011-2990

Weakness Enumeration

Related Identifiers

Affected Products

References · 2066