CVE-2014-8638

Medium

Description

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

References

http://linux.oracle.com/errata/ELSA-2015-0046.html

http://linux.oracle.com/errata/ELSA-2015-0047.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html

http://rhn.redhat.com/errata/RHSA-2015-0046.html

http://rhn.redhat.com/errata/RHSA-2015-0047.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1080987

http://secunia.com/advisories/62237

http://secunia.com/advisories/62242

http://secunia.com/advisories/62250

http://secunia.com/advisories/62253

http://secunia.com/advisories/62259

http://secunia.com/advisories/62273

http://secunia.com/advisories/62274

http://secunia.com/advisories/62283

http://secunia.com/advisories/62293

http://secunia.com/advisories/62304

http://secunia.com/advisories/62313

http://secunia.com/advisories/62315

http://secunia.com/advisories/62316

http://secunia.com/advisories/62418

http://secunia.com/advisories/62446

http://secunia.com/advisories/62657

http://secunia.com/advisories/62790

https://exchange.xforce.ibmcloud.com/vulnerabilities/99958

https://security.gentoo.org/glsa/201504-01

http://www.debian.org/security/2015/dsa-3127

http://www.debian.org/security/2015/dsa-3132

http://www.mozilla.org/security/announce/2014/mfsa2015-03.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.securitytracker.com/id/1031533

http://www.securitytracker.com/id/1031534

http://www.ubuntu.com/usn/USN-2460-1

Details

Source: Mitre, NVD

Published: 2015-01-14

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium