2012-07-18 12:26:49 2017-12-29 03:29:17

The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE
Mozilla Thunderbird 10.0.4 Mozilla Thunderbird 10.0.3 Mozilla Thunderbird 10.0.2 Mozilla Thunderbird 10.0.1 Mozilla Thunderbird 10.0 Mozilla Thunderbird 9.0.1 Mozilla Thunderbird 9.0 Mozilla Thunderbird 8.0 Mozilla Thunderbird 7.0.1 Mozilla Thunderbird 7.0 Mozilla Thunderbird 6.0.2 Mozilla Thunderbird 6.0.1 Mozilla Thunderbird 6.0 Mozilla Thunderbird 5.0 Mozilla SeaMonkey 2.10 Mozilla SeaMonkey 2.1 Release Candidate 2 Mozilla SeaMonkey 2.1 Release Candidate 1 Mozilla SeaMonkey 2.1 Beta 3 Mozilla SeaMonkey 2.1 Beta 2 Mozilla SeaMonkey 2.1 Beta 1 Mozilla SeaMonkey 2.1 alpha3 Mozilla SeaMonkey 2.1 alpha2 Mozilla SeaMonkey 2.1 alpha1 Mozilla SeaMonkey 2.1 Mozilla SeaMonkey 2.0.14 Mozilla SeaMonkey 2.0.13 Mozilla SeaMonkey 2.0.12 Mozilla SeaMonkey 2.0.11 Mozilla SeaMonkey 2.0.10 Mozilla SeaMonkey 2.0.9 Mozilla SeaMonkey 2.0.8 Mozilla SeaMonkey 2.0.7 Mozilla SeaMonkey 2.0.6 Mozilla SeaMonkey 2.0.5 Mozilla SeaMonkey 2.0.4 Mozilla SeaMonkey 2.0.3 Mozilla SeaMonkey 2.0.2 Mozilla SeaMonkey 2.0.1 Mozilla SeaMonkey 2.0 RC2 Mozilla SeaMonkey 2.0 RC1 Mozilla SeaMonkey 2.0 Beta 2 Mozilla SeaMonkey 2.0 Beta 1 Mozilla SeaMonkey 2.0 Alpha 3 Mozilla SeaMonkey 2.0 Alpha 2 Mozilla SeaMonkey 2.0 Mozilla SeaMonkey 2.0 Alpha 1 Mozilla SeaMonkey 1.5.0.10 Mozilla SeaMonkey 1.5.0.9 Mozilla SeaMonkey 1.5.0.8 Mozilla Seamonkey 1.1.19 Mozilla Seamonkey 1.1.18 Mozilla SeaMonkey 1.1.17 Mozilla SeaMonkey 1.1.16 Mozilla SeaMonkey 1.1.15 Mozilla SeaMonkey 1.1.14 Mozilla SeaMonkey 1.1.13 Mozilla SeaMonkey 1.1.12 Mozilla SeaMonkey 1.1.11 Mozilla SeaMonkey 1.1.10 Mozilla SeaMonkey 1.1.9 Mozilla SeaMonkey 1.1.8 Mozilla Seamonkey 1.1.7 Mozilla Seamonkey 1.1.6 Mozilla Seamonkey 1.1.5 Mozilla Seamonkey 1.1.4 Mozilla Seamonkey 1.1.3 Mozilla Seamonkey 1.1.2 Mozilla Seamonkey 1.1.1 Mozilla SeaMonkey 1.1 beta Mozilla SeaMonkey 1.1 alpha Mozilla SeaMonkey 1.1 Mozilla SeaMonkey 1.0.9 Mozilla SeaMonkey 1.0.8 Mozilla SeaMonkey 1.0.7 Mozilla SeaMonkey 1.0.6 Mozilla SeaMonkey 1.0.5 Mozilla SeaMonkey 1.0.4 Mozilla SeaMonkey 1.0.3 Mozilla SeaMonkey 1.0.2 Mozilla SeaMonkey 1.0.1 Mozilla SeaMonkey 1.0 beta Mozilla SeaMonkey 1.0 alpha Mozilla SeaMonkey 1.0 Mozilla Firefox Extended Support Release (ESR) 10.0.5 Mozilla Firefox Extended Support Release (ESR) 10.0.4 Mozilla Firefox Extended Support Release (ESR) 10.0.3 Mozilla Firefox Extended Support Release (ESR) 10.0.2 Mozilla Firefox Extended Support Release (ESR) 10.1 Mozilla Firefox Extended Support Release (ESR) 10.0 Mozilla Firefox 13.0 Mozilla Firefox 12.0 beta6 Mozilla Firefox 12.0 Mozilla Firefox 11.0 Mozilla Firefox 9.0.1 Mozilla Firefox 9.0 Mozilla Firefox 8.0.1 Mozilla Firefox 8.0 Mozilla Firefox 7.0.1 Mozilla Firefox 7.0 Mozilla Firefox 6.0.2 Mozilla Firefox 6.0.1 Mozilla Firefox 6.0 Mozilla Firefox 5.0.1 Mozilla Firefox 5.0 Mozilla Firefox 4.0.1 Mozilla Firefox 4.0 beta9 Mozilla Firefox 4.0 beta8 Mozilla Firefox 4.0 beta7 Mozilla Firefox 4.0 beta6 Mozilla Firefox 4.0 beta5 Mozilla Firefox 4.0 beta4 Mozilla Firefox 4.0 beta3 Mozilla Firefox 4.0 beta2 Mozilla Firefox 4.0 beta12 Mozilla Firefox 4.0 beta11 Mozilla Firefox 4.0 beta10 Mozilla Firefox 4.0 beta1 Mozilla Firefox 4.0 Mozilla Thunderbird 11.0 Mozilla Thunderbird 12.0 Mozilla Thunderbird 13.0 Mozilla Thunderbird Extended Support Release (ESR) 10.0 Mozilla Thunderbird Extended Support Release (ESR) 10.0.1 Mozilla Thunderbird Extended Support Release (ESR) 10.0.2 Mozilla Thunderbird Extended Support Release (ESR) 10.0.3 Mozilla Thunderbird Extended Support Release (ESR) 10.0.4 Mozilla Thunderbird Extended Support Release (ESR) 10.0.5