Unrated severityNVD Advisory· Published Dec 11, 2014· Updated Jun 17, 2026
CVE-2014-1591
CVE-2014-1591
Description
Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:mozilla:firefox:33.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:33.0:*:*:*:*:*:*:*
- (no CPE)range: = 33.0
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*range: <=2.30
- (no CPE)range: < 2.31
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.