CVE-2014-8638

CVSS v2.0 6.8 (Medium)
EPSS 0.64 % (80th)
Affected Products 4
Advisories 10

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

Weaknesses
CWE-352
Cross-Site Request Forgery (CSRF)
Related CVEs
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2015-01-14 11:59:07
(9 years ago)
Updated Date
2017-09-08 01:29:26
(7 years ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Mozilla Firefox Esr 31.0 cpe:2.3:a:mozilla:firefox_esr:31.0
  Mozilla Firefox Esr 31.1.0 cpe:2.3:a:mozilla:firefox_esr:31.1.0
  Mozilla Firefox Esr 31.1.1 cpe:2.3:a:mozilla:firefox_esr:31.1.1
  Mozilla Firefox Esr 31.2 cpe:2.3:a:mozilla:firefox_esr:31.2
  Mozilla Firefox Esr 31.3.0 cpe:2.3:a:mozilla:firefox_esr:31.3.0

Configuration #2

    CPE23 From Up To
  Mozilla Thunderbird 31.3.0 and prior versions cpe:2.3:a:mozilla:thunderbird <= 31.3.0

Configuration #3

    CPE23 From Up To
  Mozilla Firefox 34.0.5 and prior versions cpe:2.3:a:mozilla:firefox <= 34.0.5

Configuration #4

    CPE23 From Up To
  Mozilla Seamonkey 2.31 and prior versions cpe:2.3:a:mozilla:seamonkey <= 2.31