CVE-2014-8638
Summary
| CVE | CVE-2014-8638 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-01-14 11:59:00 UTC |
| Updated | 2017-09-08 01:29:00 UTC |
| Description | The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox ESR | 31.0 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.1.0 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.1.1 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.2 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.3.0 | All | All | All |
| Application | Mozilla | SeaMonkey | All | All | All | All |
| Application | Mozilla | Thunderbird | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory SA62657 - SUSE update for MozillaThunderbird - Secunia | SECUNIA | secunia.com | |
| Security Advisory SA62250 - Ubuntu update for firefox - Secunia | SECUNIA | secunia.com | |
| [security-announce] openSUSE-SU-2015:0192-1: important: Security update | SUSE | lists.opensuse.org | |
| Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Request Forgery Attacks, and Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Security Advisory SA62237 - Debian update for iceweasel - Secunia | SECUNIA | secunia.com | |
| [security-announce] SUSE-SU-2015:0171-1: important: Security update for | SUSE | lists.opensuse.org | |
| USN-2460-1: Thunderbird vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Security Advisory SA62315 - Mozilla Thunderbird Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | |
| [security-announce] SUSE-SU-2015:0173-1: important: Security update for | SUSE | lists.opensuse.org | |
| Security Advisory SA62274 - Red Hat update for thunderbird - Secunia | SECUNIA | secunia.com | |
| Security Advisory SA62242 - Ubuntu update for ubufox - Secunia | SECUNIA | secunia.com | |
| Gentoo Security | GENTOO | security.gentoo.org | |
| openSUSE-SU-2015:0133-1: moderate: Security update for MozillaThunderbir | SUSE | lists.opensuse.org | |
| Security Advisory SA62293 - Oracle Linux update for firefox - Secunia | SECUNIA | secunia.com | |
| [security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox | SUSE | lists.opensuse.org | |
| Debian -- Security Information -- DSA-3132-1 icedove | DEBIAN | www.debian.org | |
| Mozilla Firefox/Thunderbird/SeaMonkey sendBeacon Cross-Site Request Forgery Vulnerability | BID | www.securityfocus.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Debian -- Security Information -- DSA-3127-1 iceweasel | DEBIAN | www.debian.org | |
| Security Advisory SA62790 - SUSE update for seamonkey - Secunia | SECUNIA | secunia.com | |
| linux.oracle.com \| ELSA-2015-0046 | CONFIRM | linux.oracle.com | |
| Security Advisory SA62316 - Mozilla SeaMonkey Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | |
| Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Request Forgery Attacks, and Conduct Session Fixation Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Security Advisory SA62253 - Mozilla Firefox Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | |
| Security Advisory SA62313 - Mozilla Firefox ESR Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | |
| Security Advisory SA62446 - Waterfox Firefox Multiple Vulnerabilities - Secunia | SECUNIA | secunia.com | |
| [security-announce] openSUSE-SU-2015:0077-1: important: Security update | SUSE | lists.opensuse.org | |
| Security Advisory SA62259 - Debian update for icedove - Secunia | SECUNIA | secunia.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| sendBeacon requests lack an Origin header — Mozilla | CONFIRM | www.mozilla.org | Vendor Advisory |
| Security Advisory SA62273 - Red Hat update for firefox - Secunia | SECUNIA | secunia.com | |
| Security Advisory SA62304 - Oracle Linux update for thunderbird - Secunia | SECUNIA | secunia.com | |
| Access Denied | CONFIRM | bugzilla.mozilla.org | |
| [security-announce] SUSE-SU-2015:0180-1: important: Security update for | SUSE | lists.opensuse.org | |
| Oracle Solaris Third Party Bulletin - April 2015 | CONFIRM | www.oracle.com | |
| About Secunia Research \| Flexera | SECUNIA | secunia.com | |
| linux.oracle.com \| ELSA-2015-0047 | CONFIRM | linux.oracle.com | |
| Security Advisory SA62283 - Ubuntu update for thunderbird - Secunia | SECUNIA | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.