Red Hat Bugzilla – Bug 1315570
CVE-2016-1955 Mozilla: CSP reports fail to strip location information for embedded iframe pages (MFSA 2016-18)
Last modified: 2016-03-09 04:46:19 EST
Security researcher Muneaki Nishimura reported that Content Security Policy (CSP) violation reports contained full path information for cross-origin iframe navigations in violation of the CSP specification. This could result in information disclosure.
Name: the Mozilla project
Upstream: Muneaki Nishimura
This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.