CVE
CVE-2014-8638
Date: (C)2015-01-14   (M)2024-03-27


The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score: 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1031533
SECTRACK-1031534
SECUNIA-62237
SECUNIA-62242
SECUNIA-62250
SECUNIA-62253
SECUNIA-62259
SECUNIA-62273
SECUNIA-62274
SECUNIA-62283
SECUNIA-62293
SECUNIA-62304
SECUNIA-62313
SECUNIA-62315
SECUNIA-62316
SECUNIA-62418
SECUNIA-62446
SECUNIA-62657
SECUNIA-62790
BID-72047
DSA-3127
DSA-3132
GLSA-201504-01
RHSA-2015:0046
RHSA-2015:0047
SUSE-SU-2015:0171
SUSE-SU-2015:0173
SUSE-SU-2015:0180
USN-2460-1
firefox-cve20148638-csrf(99958)
http://linux.oracle.com/errata/ELSA-2015-0046.html
http://linux.oracle.com/errata/ELSA-2015-0047.html
http://www.mozilla.org/security/announce/2014/mfsa2015-03.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1080987
openSUSE-SU-2015:0077
openSUSE-SU-2015:0133
openSUSE-SU-2015:0192
openSUSE-SU-2015:1266

CPE    7
cpe:/a:mozilla:firefox_esr:31.1.0
cpe:/a:mozilla:firefox_esr:31.1.1
cpe:/a:mozilla:firefox_esr:31.3.0
cpe:/a:mozilla:firefox_esr:31.0
...
CWE    1
CWE-352
OVAL    30
oval:org.secpod.oval:def:1500879
oval:org.secpod.oval:def:1500878
oval:org.secpod.oval:def:108325
oval:org.secpod.oval:def:108326
...

© SecPod Technologies