Vulnerability Database

296,223

Total vulnerabilities in the database

CVE-2011-2990

The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects.

  • Published: Aug 18, 2011
  • Updated: Apr 13, 2023
  • CVE: CVE-2011-2990
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
mozilla / firefox 4.0-beta6 4.0-beta6.x
mozilla / firefox 4.0-beta1 4.0-beta1.x
mozilla / firefox 4.0-beta9 4.0-beta9.x
mozilla / firefox 4.0-beta5 4.0-beta5.x
mozilla / firefox 4.0-beta8 4.0-beta8.x
mozilla / firefox 4.0-beta12 4.0-beta12.x
mozilla / firefox 4.0-beta3 4.0-beta3.x
mozilla / firefox 5.0 5.0.x
mozilla / firefox 4.0-beta2 4.0-beta2.x
mozilla / firefox 4.0-beta4 4.0-beta4.x
mozilla / firefox 4.0-beta10 4.0-beta10.x
mozilla / firefox 4.0 4.0.x
mozilla / firefox 4.0-beta11 4.0-beta11.x
mozilla / firefox 4.0-beta7 4.0-beta7.x
mozilla / firefox 4.0.1 4.0.1.x
mozilla / seamonkey 2.0.10 2.0.10.x
mozilla / seamonkey 1.1.10 1.1.10.x
mozilla / seamonkey 1.0.3 1.0.3.x
mozilla / seamonkey 1.1.8 1.1.8.x
mozilla / seamonkey 1.0.1 1.0.1.x
mozilla / seamonkey 1.1.7 1.1.7.x
mozilla / seamonkey 1.5.0.10 1.5.0.10.x
mozilla / seamonkey 1.0.6 1.0.6.x
mozilla / seamonkey 1.0.9 1.0.9.x
mozilla / seamonkey 1.1.3 1.1.3.x
mozilla / seamonkey 2.0.4 2.0.4.x
mozilla / seamonkey 1.0 1.0.x
mozilla / seamonkey 2.1-alpha2 2.1-alpha2.x
mozilla / seamonkey 2.0.3 2.0.3.x
mozilla / seamonkey 2.0.2 2.0.2.x
mozilla / seamonkey 1.1.17 1.1.17.x
mozilla / seamonkey 2.0-alpha_2 2.0-alpha_2.x
mozilla / seamonkey 1.1.5 1.1.5.x
mozilla / seamonkey 2.0.8 2.0.8.x
mozilla / seamonkey 1.0.7 1.0.7.x
mozilla / seamonkey 1.0-beta 1.0-beta.x
mozilla / seamonkey 1.1-alpha 1.1-alpha.x
mozilla / seamonkey 2.0-rc2 2.0-rc2.x
mozilla / seamonkey 2.0-alpha_3 2.0-alpha_3.x
mozilla / seamonkey 1.0-alpha 1.0-alpha.x
mozilla / seamonkey 1.1.12 1.1.12.x
mozilla / seamonkey 1.1 1.1.x
mozilla / seamonkey 1.1.14 1.1.14.x
mozilla / seamonkey 2.0.11 2.0.11.x
mozilla / seamonkey 1.1.2 1.1.2.x
mozilla / seamonkey 2.0-beta_2 2.0-beta_2.x
mozilla / seamonkey 1.0.2 1.0.2.x
mozilla / seamonkey 1.0.8 1.0.8.x
mozilla / seamonkey 1.1.11 1.1.11.x
mozilla / seamonkey 2.0-alpha_1 2.0-alpha_1.x
mozilla / seamonkey 1.5.0.9 1.5.0.9.x
mozilla / seamonkey 1.1-beta 1.1-beta.x
mozilla / seamonkey 1.1.1 1.1.1.x
mozilla / seamonkey 2.0.9 2.0.9.x
mozilla / seamonkey 2.1-alpha1 2.1-alpha1.x
mozilla / seamonkey 1.5.0.8 1.5.0.8.x
mozilla / seamonkey 2.0.1 2.0.1.x
mozilla / seamonkey 1.0.5 1.0.5.x
mozilla / seamonkey 1.1.15 1.1.15.x
mozilla / seamonkey 1.1.6 1.1.6.x
mozilla / seamonkey 2.0.7 2.0.7.x
mozilla / seamonkey 1.1.16 1.1.16.x
mozilla / seamonkey 2.0-beta_1 2.0-beta_1.x
mozilla / seamonkey 1.1.19 1.1.19.x
mozilla / seamonkey 2.0.5 2.0.5.x
mozilla / seamonkey 2.0-rc1 2.0-rc1.x
mozilla / seamonkey 1.0.4 1.0.4.x
mozilla / seamonkey 1.1.9 1.1.9.x
mozilla / seamonkey 1.1.13 1.1.13.x
mozilla / seamonkey 1.1.18 1.1.18.x
mozilla / seamonkey 2.0.6 2.0.6.x
mozilla / seamonkey 2.1-alpha3 2.1-alpha3.x
mozilla / seamonkey 2.0 2.0.x
mozilla / seamonkey 1.1.4 1.1.4.x