CVE-2012-1963 (retired)

Priority
Description
The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x
through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0,
Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not
properly restrict the strings placed into the blocked-uri parameter of a
violation report, which allows remote web servers to capture OpenID
credentials and OAuth 2.0 access tokens by triggering a violation.
Package
Upstream:released (14)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (14.0.1+build1-0ubuntu2)
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (14)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (14.0+build1-0ubuntu2)
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Updated: 2019-03-26 12:01:37 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)