CVE-2014-8639 Information
Description
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.
Reference
http://linux.oracle.com/errata/ELSA-2015-0046.html
http://linux.oracle.com/errata/ELSA-2015-0047.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html
http://rhn.redhat.com/errata/RHSA-2015-0046.html
http://rhn.redhat.com/errata/RHSA-2015-0047.html
http://secunia.com/advisories/62237
http://secunia.com/advisories/62242
http://secunia.com/advisories/62250
http://secunia.com/advisories/62253
http://secunia.com/advisories/62259
http://secunia.com/advisories/62273
http://secunia.com/advisories/62274
http://secunia.com/advisories/62283
http://secunia.com/advisories/62293
http://secunia.com/advisories/62304
http://secunia.com/advisories/62313
http://secunia.com/advisories/62315
http://secunia.com/advisories/62316
http://secunia.com/advisories/62418
http://secunia.com/advisories/62446
http://secunia.com/advisories/62657
http://secunia.com/advisories/62790
http://www.debian.org/security/2015/dsa-3127
http://www.debian.org/security/2015/dsa-3132
http://www.mozilla.org/security/announce/2014/mfsa2015-04.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/72046
http://www.securitytracker.com/id/1031533
http://www.securitytracker.com/id/1031534
http://www.ubuntu.com/usn/USN-2460-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1095859
https://exchange.xforce.ibmcloud.com/vulnerabilities/99959
https://security.gentoo.org/glsa/201504-01