The host is missing a security update according to MFSA 2014-86. The update is required to fix an information disclosure vulnerability. A flaw is present in the path strings in CSP violation reports, which fail to handle a crafted a web site that receives a report after a redirect. Successful exploitation allows attackers to obtain sensitive information.