The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.
References
Link Providers
http://linux.oracle.com/errata/ELSA-2015-0046.html cve-icon cve-icon
http://linux.oracle.com/errata/ELSA-2015-0047.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-0046.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-0047.html cve-icon cve-icon
http://secunia.com/advisories/62237 cve-icon cve-icon
http://secunia.com/advisories/62242 cve-icon cve-icon
http://secunia.com/advisories/62250 cve-icon cve-icon
http://secunia.com/advisories/62253 cve-icon cve-icon
http://secunia.com/advisories/62259 cve-icon cve-icon
http://secunia.com/advisories/62273 cve-icon cve-icon
http://secunia.com/advisories/62274 cve-icon cve-icon
http://secunia.com/advisories/62283 cve-icon cve-icon
http://secunia.com/advisories/62293 cve-icon cve-icon
http://secunia.com/advisories/62304 cve-icon cve-icon
http://secunia.com/advisories/62313 cve-icon cve-icon
http://secunia.com/advisories/62315 cve-icon cve-icon
http://secunia.com/advisories/62316 cve-icon cve-icon
http://secunia.com/advisories/62418 cve-icon cve-icon
http://secunia.com/advisories/62446 cve-icon cve-icon
http://secunia.com/advisories/62657 cve-icon cve-icon
http://secunia.com/advisories/62790 cve-icon cve-icon
http://www.debian.org/security/2015/dsa-3127 cve-icon cve-icon
http://www.debian.org/security/2015/dsa-3132 cve-icon cve-icon
http://www.mozilla.org/security/announce/2014/mfsa2015-03.html cve-icon cve-icon
http://www.mozilla.org/security/announce/2015/mfsa2015-03.html cve-icon
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html cve-icon cve-icon
http://www.securityfocus.com/bid/72047 cve-icon cve-icon
http://www.securitytracker.com/id/1031533 cve-icon cve-icon
http://www.securitytracker.com/id/1031534 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2460-1 cve-icon cve-icon
https://bugzilla.mozilla.org/show_bug.cgi?id=1080987 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/99958 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2014-8638 cve-icon
https://security.gentoo.org/glsa/201504-01 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2014-8638 cve-icon
History

Mon, 21 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*

Mon, 21 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2015-01-14T11:00:00

Updated: 2024-08-06T13:26:02.578Z

Reserved: 2014-11-06T00:00:00

Link: CVE-2014-8638

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-01-14T11:59:07.163

Modified: 2024-11-21T02:19:29.813

Link: CVE-2014-8638

cve-icon Redhat

Severity : Moderate

Publid Date: 2015-01-13T00:00:00Z

Links: CVE-2014-8638 - Bugzilla