{"api_version":"1","generated_at":"2026-04-23T01:31:56+00:00","cve":"CVE-2014-8638","urls":{"html":"https://cve.report/CVE-2014-8638","api":"https://cve.report/api/cve/CVE-2014-8638.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-8638","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-8638"},"summary":{"title":"CVE-2014-8638","description":"The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2015-01-14 11:59:00","updated_at":"2017-09-08 01:29:00"},"problem_types":["CWE-352"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/62657","name":"62657","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62657 - SUSE update for MozillaThunderbird - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62250","name":"62250","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62250 - Ubuntu update for firefox - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html","name":"openSUSE-SU-2015:0192","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2015:0192-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1031533","name":"1031533","refsource":"SECTRACK","tags":[],"title":"Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Request Forgery Attacks, and Obtain Potentially Sensitive Information - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62237","name":"62237","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62237 - Debian update for iceweasel - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html","name":"SUSE-SU-2015:0171","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE-SU-2015:0171-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-2460-1","name":"USN-2460-1","refsource":"UBUNTU","tags":[],"title":"USN-2460-1: Thunderbird vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/99958","name":"firefox-cve20148638-csrf(99958)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62315","name":"62315","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62315 - Mozilla Thunderbird Multiple Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html","name":"SUSE-SU-2015:0173","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE-SU-2015:0173-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62274","name":"62274","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62274 - Red Hat update for thunderbird - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62242","name":"62242","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62242 - Ubuntu update for ubufox - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201504-01","name":"GLSA-201504-01","refsource":"GENTOO","tags":[],"title":"Gentoo Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html","name":"openSUSE-SU-2015:0133","refsource":"SUSE","tags":[],"title":"openSUSE-SU-2015:0133-1: moderate: Security update for MozillaThunderbir","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62293","name":"62293","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62293 - Oracle Linux update for firefox - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html","name":"openSUSE-SU-2015:1266","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2015/dsa-3132","name":"DSA-3132","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-3132-1 icedove","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/72047","name":"72047","refsource":"BID","tags":[],"title":"Mozilla Firefox/Thunderbird/SeaMonkey sendBeacon Cross-Site Request Forgery Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0046.html","name":"RHSA-2015:0046","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.debian.org/security/2015/dsa-3127","name":"DSA-3127","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-3127-1 iceweasel","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62790","name":"62790","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62790 - SUSE update for seamonkey - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://linux.oracle.com/errata/ELSA-2015-0046.html","name":"http://linux.oracle.com/errata/ELSA-2015-0046.html","refsource":"CONFIRM","tags":[],"title":"linux.oracle.com | ELSA-2015-0046","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62316","name":"62316","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62316 - Mozilla SeaMonkey Multiple Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1031534","name":"1031534","refsource":"SECTRACK","tags":[],"title":"Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Request Forgery Attacks, and Conduct Session Fixation Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62253","name":"62253","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62253 - Mozilla Firefox Multiple Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62313","name":"62313","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62313 - Mozilla Firefox ESR Multiple Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62446","name":"62446","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62446 - Waterfox Firefox Multiple Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html","name":"openSUSE-SU-2015:0077","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2015:0077-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62259","name":"62259","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62259 - Debian update for icedove - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2015-0047.html","name":"RHSA-2015:0047","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.mozilla.org/security/announce/2014/mfsa2015-03.html","name":"http://www.mozilla.org/security/announce/2014/mfsa2015-03.html","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"sendBeacon requests lack an Origin header — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62273","name":"62273","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62273 - Red Hat update for firefox - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62304","name":"62304","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62304 - Oracle Linux update for thunderbird - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1080987","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1080987","refsource":"CONFIRM","tags":[],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html","name":"SUSE-SU-2015:0180","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE-SU-2015:0180-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","name":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","refsource":"CONFIRM","tags":[],"title":"Oracle Solaris Third Party Bulletin - April 2015","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/62418","name":"62418","refsource":"SECUNIA","tags":[],"title":"About Secunia Research | Flexera","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://linux.oracle.com/errata/ELSA-2015-0047.html","name":"http://linux.oracle.com/errata/ELSA-2015-0047.html","refsource":"CONFIRM","tags":[],"title":"linux.oracle.com | ELSA-2015-0047","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62283","name":"62283","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA62283 - Ubuntu update for thunderbird - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-8638","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8638","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"8638","vulnerable":"1","versionEndIncluding":"34.0.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8638","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8638","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8638","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8638","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8638","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8638","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8638","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8638","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8638","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8638","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"31.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8638","vulnerable":"1","versionEndIncluding":"2.31","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"seamonkey","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8638","vulnerable":"1","versionEndIncluding":"31.3.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@mozilla.org","ID":"CVE-2014-8638","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"RHSA-2015:0046","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2015-0046.html"},{"name":"62242","refsource":"SECUNIA","url":"http://secunia.com/advisories/62242"},{"name":"1031533","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1031533"},{"name":"USN-2460-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-2460-1"},{"name":"72047","refsource":"BID","url":"http://www.securityfocus.com/bid/72047"},{"name":"openSUSE-SU-2015:0192","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"},{"name":"62304","refsource":"SECUNIA","url":"http://secunia.com/advisories/62304"},{"name":"http://linux.oracle.com/errata/ELSA-2015-0047.html","refsource":"CONFIRM","url":"http://linux.oracle.com/errata/ELSA-2015-0047.html"},{"name":"62259","refsource":"SECUNIA","url":"http://secunia.com/advisories/62259"},{"name":"62250","refsource":"SECUNIA","url":"http://secunia.com/advisories/62250"},{"name":"SUSE-SU-2015:0173","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"},{"name":"62237","refsource":"SECUNIA","url":"http://secunia.com/advisories/62237"},{"name":"openSUSE-SU-2015:0077","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"},{"name":"62418","refsource":"SECUNIA","url":"http://secunia.com/advisories/62418"},{"name":"SUSE-SU-2015:0171","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"},{"name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1080987","refsource":"CONFIRM","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1080987"},{"name":"62316","refsource":"SECUNIA","url":"http://secunia.com/advisories/62316"},{"name":"DSA-3132","refsource":"DEBIAN","url":"http://www.debian.org/security/2015/dsa-3132"},{"name":"62274","refsource":"SECUNIA","url":"http://secunia.com/advisories/62274"},{"name":"GLSA-201504-01","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201504-01"},{"name":"62313","refsource":"SECUNIA","url":"http://secunia.com/advisories/62313"},{"name":"RHSA-2015:0047","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2015-0047.html"},{"name":"http://www.mozilla.org/security/announce/2014/mfsa2015-03.html","refsource":"CONFIRM","url":"http://www.mozilla.org/security/announce/2014/mfsa2015-03.html"},{"name":"62790","refsource":"SECUNIA","url":"http://secunia.com/advisories/62790"},{"name":"62293","refsource":"SECUNIA","url":"http://secunia.com/advisories/62293"},{"name":"62283","refsource":"SECUNIA","url":"http://secunia.com/advisories/62283"},{"name":"firefox-cve20148638-csrf(99958)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/99958"},{"name":"62446","refsource":"SECUNIA","url":"http://secunia.com/advisories/62446"},{"name":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"},{"name":"62657","refsource":"SECUNIA","url":"http://secunia.com/advisories/62657"},{"name":"62273","refsource":"SECUNIA","url":"http://secunia.com/advisories/62273"},{"name":"openSUSE-SU-2015:0133","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"},{"name":"openSUSE-SU-2015:1266","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"},{"name":"DSA-3127","refsource":"DEBIAN","url":"http://www.debian.org/security/2015/dsa-3127"},{"name":"SUSE-SU-2015:0180","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"},{"name":"62315","refsource":"SECUNIA","url":"http://secunia.com/advisories/62315"},{"name":"http://linux.oracle.com/errata/ELSA-2015-0046.html","refsource":"CONFIRM","url":"http://linux.oracle.com/errata/ELSA-2015-0046.html"},{"name":"62253","refsource":"SECUNIA","url":"http://secunia.com/advisories/62253"},{"name":"1031534","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1031534"}]}},"nvd":{"publishedDate":"2015-01-14 11:59:00","lastModifiedDate":"2017-09-08 01:29:00","problem_types":["CWE-352"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndIncluding":"31.3.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndIncluding":"34.0.5","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*","versionEndIncluding":"2.31","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"8638","Ordinal":"75689","Title":"CVE-2014-8638","CVE":"CVE-2014-8638","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"8638","Ordinal":"1","NoteData":"The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"8638","Ordinal":"2","NoteData":"2015-01-14","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"8638","Ordinal":"3","NoteData":"2017-09-07","Type":"Other","Title":"Modified"}]}}}