CVE-2014-8638 Information

Description

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

Reference

http://linux.oracle.com/errata/ELSA-2015-0046.html
http://linux.oracle.com/errata/ELSA-2015-0047.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html
http://rhn.redhat.com/errata/RHSA-2015-0046.html
http://rhn.redhat.com/errata/RHSA-2015-0047.html
http://secunia.com/advisories/62237
http://secunia.com/advisories/62242
http://secunia.com/advisories/62250
http://secunia.com/advisories/62253
http://secunia.com/advisories/62259
http://secunia.com/advisories/62273
http://secunia.com/advisories/62274
http://secunia.com/advisories/62283
http://secunia.com/advisories/62293
http://secunia.com/advisories/62304
http://secunia.com/advisories/62313
http://secunia.com/advisories/62315
http://secunia.com/advisories/62316
http://secunia.com/advisories/62418
http://secunia.com/advisories/62446
http://secunia.com/advisories/62657
http://secunia.com/advisories/62790
http://www.debian.org/security/2015/dsa-3127
http://www.debian.org/security/2015/dsa-3132
http://www.mozilla.org/security/announce/2014/mfsa2015-03.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/72047
http://www.securitytracker.com/id/1031533
http://www.securitytracker.com/id/1031534
http://www.ubuntu.com/usn/USN-2460-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1080987
https://exchange.xforce.ibmcloud.com/vulnerabilities/99958
https://security.gentoo.org/glsa/201504-01