The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.
Metrics
Affected Vendors & Products
References
History
Mon, 21 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:* |
cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:* |
Mon, 21 Oct 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:* |
cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2015-01-14T11:00:00
Updated: 2024-08-06T13:26:02.578Z
Reserved: 2014-11-06T00:00:00
Link: CVE-2014-8638
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-01-14T11:59:07.163
Modified: 2024-11-21T02:19:29.813
Link: CVE-2014-8638
Redhat