The host is installed with Mozilla Firefox 33.0 or SeaMonkey before 2.31 and is prone to an information disclosure vulnerability. A flaw is present in the path strings in CSP violation reports, which fail to handle a crafted a web site that receives a report after a redirect. Successful exploitation allows attackers to obtain sensitive information.