CVE-2014-1591

Advisory lineage Upstream: 0 Downstream: 5

Downstream

MGASA-2014-0518 OPENSUSE-SU-2024:10071-1 OPENSUSE-SU-2024:14572-1 UBUNTU-CVE-2014-1591 USN-2424-1

Modified

Published: 11 Dec 2014, 11:00

Last modified:06 Aug 2024, 09:42

Vulnerability Summary

Overall Risk (default)

low

17/100

CVSS Score

4.3 MEDIUM

v2.0 (nvd)

EPSS Score

0.27% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

11 Dec 2014, 11:00

Published

Vulnerability first disclosed

06 Aug 2024, 09:42

Last Modified

Vulnerability information updated

Description

Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect.

CVSS Metrics

v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.27%• Percentile: 51%

Techniques & Countermeasures

CWE-199•Information Management Errors
Weaknesses in this category are related to improper handling of sensitive information.

Affected Systems

mozilla•firefox
33.0
mozilla•seamonkey
≤ 2.30