The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x up to and including 13.0, Firefox ESR 10.x prior to 10.0.6, Thunderbird 5.0 up to and including 13.0, Thunderbird ESR 10.x prior to 10.0.6, and SeaMonkey prior to 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 4.0 |
||
mozilla firefox 8.0 |
||
mozilla firefox 8.0.1 |
||
mozilla firefox 4.0.1 |
||
mozilla firefox 6.0 |
||
mozilla firefox 6.0.2 |
||
mozilla firefox 11.0 |
||
mozilla firefox 12.0 |
||
mozilla firefox 5.0 |
||
mozilla firefox 5.0.1 |
||
mozilla firefox 9.0.1 |
||
mozilla firefox 9.0 |
||
mozilla firefox 6.0.1 |
||
mozilla firefox 7.0.1 |
||
mozilla firefox 7.0 |
||
mozilla firefox 13.0 |
||
mozilla firefox esr 10.0.1 |
||
mozilla firefox esr 10.0.4 |
||
mozilla firefox esr 10.0 |
||
mozilla firefox esr 10.0.2 |
||
mozilla firefox esr 10.0.3 |
||
mozilla firefox esr 10.0.5 |
||
mozilla thunderbird 5.0 |
||
mozilla thunderbird 6.0 |
||
mozilla thunderbird 10.0.2 |
||
mozilla thunderbird 10.0.3 |
||
mozilla thunderbird 7.0.1 |
||
mozilla thunderbird 7.0 |
||
mozilla thunderbird 8.0 |
||
mozilla thunderbird 10.0.4 |
||
mozilla thunderbird 11.0 |
||
mozilla thunderbird 6.0.1 |
||
mozilla thunderbird 6.0.2 |
||
mozilla thunderbird 10.0.1 |
||
mozilla thunderbird 10.0 |
||
mozilla thunderbird 9.0.1 |
||
mozilla thunderbird 9.0 |
||
mozilla thunderbird 12.0 |
||
mozilla thunderbird 13.0 |
||
mozilla thunderbird esr 10.0.5 |
||
mozilla thunderbird esr 10.0 |
||
mozilla thunderbird esr 10.0.1 |
||
mozilla thunderbird esr 10.0.3 |
||
mozilla thunderbird esr 10.0.4 |
||
mozilla thunderbird esr 10.0.2 |
||
mozilla seamonkey |
||
mozilla seamonkey 2.1 |
||
mozilla seamonkey 2.0.8 |
||
mozilla seamonkey 2.0.1 |
||
mozilla seamonkey 2.0.12 |
||
mozilla seamonkey 2.0.4 |
||
mozilla seamonkey 2.0 |
||
mozilla seamonkey 1.1.8 |
||
mozilla seamonkey 1.1.17 |
||
mozilla seamonkey 1.1.6 |
||
mozilla seamonkey 1.1.9 |
||
mozilla seamonkey 1.5.0.8 |
||
mozilla seamonkey 1.5.0.9 |
||
mozilla seamonkey 2.0.9 |
||
mozilla seamonkey 2.0.6 |
||
mozilla seamonkey 2.0.14 |
||
mozilla seamonkey 2.0.3 |
||
mozilla seamonkey 1.1.1 |
||
mozilla seamonkey 1.1.14 |
||
mozilla seamonkey 1.0 |
||
mozilla seamonkey 1.1.10 |
||
mozilla seamonkey 1.0.7 |
||
mozilla seamonkey 1.0.6 |
||
mozilla seamonkey 1.1 |
||
mozilla seamonkey 1.1.2 |
||
mozilla seamonkey 1.1.13 |
||
mozilla seamonkey 1.0.3 |
||
mozilla seamonkey 1.0.2 |
||
mozilla seamonkey 2.0.7 |
||
mozilla seamonkey 2.0.11 |
||
mozilla seamonkey 2.0.13 |
||
mozilla seamonkey 2.0.10 |
||
mozilla seamonkey 1.1.7 |
||
mozilla seamonkey 1.1.16 |
||
mozilla seamonkey 1.1.12 |
||
mozilla seamonkey 1.0.9 |
||
mozilla seamonkey 1.0.8 |
||
mozilla seamonkey 1.0.1 |
||
mozilla seamonkey 2.0.5 |
||
mozilla seamonkey 2.0.2 |
||
mozilla seamonkey 1.1.19 |
||
mozilla seamonkey 1.1.18 |
||
mozilla seamonkey 1.1.15 |
||
mozilla seamonkey 1.1.11 |
||
mozilla seamonkey 1.1.4 |
||
mozilla seamonkey 1.1.5 |
||
mozilla seamonkey 1.5.0.10 |
||
mozilla seamonkey 1.1.3 |
||
mozilla seamonkey 1.0.5 |
||
mozilla seamonkey 1.0.4 |