Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2014-8638
Last Modified 17 Mar 2015 10:03:05
Published 14 Jan 2015 06:59:07
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-8638

Summary

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

Vulnerable Systems

Application

  • Mozilla Firefox 34.0.5

  • Mozilla Firefox ESR 31.0

  • Mozilla Firefox ESR 31.1.0

  • Mozilla Firefox ESR 31.1.1

  • Mozilla Firefox ESR 31.2

  • Mozilla Firefox ESR 31.3.0

  • Mozilla SeaMonkey 2.31

  • Mozilla Thunderbird 31.3.0


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=1080987

CONFIRM - http://www.mozilla.org/security/announce/2014/mfsa2015-03.html

SECTRACK - 1031533

SECUNIA - 62250

SECUNIA - 62242

SECUNIA - 62237

SECUNIA - 62790

SECUNIA - 62657

SECUNIA - 62446

UBUNTU - USN-2460-1

DEBIAN - DSA-3132

DEBIAN - DSA-3127

REDHAT - RHSA-2015:0047

REDHAT - RHSA-2015:0046

SUSE - openSUSE-SU-2015:0133

SUSE - openSUSE-SU-2015:0192

SUSE - openSUSE-SU-2015:0077

SUSE - SUSE-SU-2015:0180

SUSE - SUSE-SU-2015:0173

SUSE - SUSE-SU-2015:0171

Related Patches

Mozilla Firefox 35.0 for Mac OS X (See Notes)

Mozilla Firefox 31.4.0 ESR for Mac OS X (See Notes)

Red Hat 2015:0046-01 RHSA Critical: firefox security and bug fix update for RHEL 5 x86

Red Hat 2015:0046-01 RHSA Critical: firefox security and bug fix update for RHEL 5 x86_64

Red Hat 2015:0047-01 RHSA Important: thunderbird security update for RHEL 5 x86

Red Hat 2015:0047-01 RHSA Important: thunderbird security update for RHEL 5 x86_64


Last Updated: 27 May 2016 11:08:07