CVE-2014-8638

Mozilla Firefox <35.0, ESR 31.x <31.4, Thunderbird <31.4, SeaMonkey...

Title source: llm
STIX 2.1

Description

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

References (39)

Core 39
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0046.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62242
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72047
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62304
Various Sources x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2015-0047.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62259
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62250
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62237
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62418
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62316
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3132
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62274
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62313
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62790
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62293
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62283
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62446
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62657
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62273
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3127
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62315
Various Sources x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2015-0046.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62253
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031534
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0047.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031533
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2460-1
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1080987
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/99958

Scores

EPSS 0.0050
EPSS Percentile 66.1%

Details

CWE
CWE-352
Status published
Products (8)
mozilla/firefox 31.0
mozilla/firefox 31.1.0
mozilla/firefox 31.1.1
mozilla/firefox 31.3.0
mozilla/firefox < 34.0.5
mozilla/firefox_esr 31.2
mozilla/seamonkey < 2.31
mozilla/thunderbird < 31.3.0
Published Jan 14, 2015
Tracked Since Feb 18, 2026