CVE-2014-8638 – The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, F

March 7, 2022

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638

Reference (s):

BID:72047
URL: http://www.securityfocus.com/bid/72047
http://linux.oracle.com/errata/ELSA-2015-0046.html
http://linux.oracle.com/errata/ELSA-2015-0047.html
http://www.mozilla.org/security/announce/2014/mfsa2015-03.html

CVE-2014-8638 – The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, F

Something Fresh

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-27216 - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

What People Reading

CVE-2020-11610 - An issue was discovered in xdLocalStorage through 2.0.5. The postData() f

CVE-2020-27199 - The Magic Home Pro application 1.5.1 for Android allows Authentication By

CVE-2020-27216 - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

CVE-2015-0320 - Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

Categories

Partners

Just add here your partners image or promo text

CVE-2014-8638 – The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, F

Related posts

Something Fresh

What People Reading

Categories

Partners

Just add here your partners image or promo text