The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 44.0.2 (including) |
Firefox_esr | Mozilla | 38.0 (including) | 38.0 (including) |
Firefox_esr | Mozilla | 38.0.1 (including) | 38.0.1 (including) |
Firefox_esr | Mozilla | 38.0.5 (including) | 38.0.5 (including) |
Firefox_esr | Mozilla | 38.1.0 (including) | 38.1.0 (including) |
Firefox_esr | Mozilla | 38.1.1 (including) | 38.1.1 (including) |
Firefox_esr | Mozilla | 38.2.0 (including) | 38.2.0 (including) |
Firefox_esr | Mozilla | 38.2.1 (including) | 38.2.1 (including) |
Firefox_esr | Mozilla | 38.3.0 (including) | 38.3.0 (including) |
Firefox_esr | Mozilla | 38.4.0 (including) | 38.4.0 (including) |
Firefox_esr | Mozilla | 38.5.0 (including) | 38.5.0 (including) |
Firefox_esr | Mozilla | 38.5.1 (including) | 38.5.1 (including) |
Firefox_esr | Mozilla | 38.6.0 (including) | 38.6.0 (including) |
Firefox_esr | Mozilla | 38.6.1 (including) | 38.6.1 (including) |
Thunderbird | Mozilla | * | 38.6.0 (including) |