Security researcher Muneaki Nishimura reported that Content Security Policy (CSP) violation reports contained full path information for cross-origin iframe navigations in violation of the CSP specification. This could result in information disclosure.
Name: the Mozilla project
Upstream: Muneaki Nishimura
This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.