|Date: (C)2011-08-18 (M)2017-09-22|| |
The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects.
|CVSS Score: 5.0||Access Vector: NETWORK|
|Exploit Score: 10.0||Access Complexity: LOW|
|Impact Score: 2.9||Authentication: NONE|
| ||Confidentiality: PARTIAL|
| ||Integrity: NONE|
| ||Availability: NONE|