CVE-2014-8638: CSRF

First published: Wed Jan 14 2015(Updated: )

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

Credit: security@mozilla.org security@mozilla.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• collector/nvd-index
• agent/software-canonical-lookup-request
• agent/references
• agent/severity
• agent/weakness
• agent/description
• collector/mitre-cve
• source/MITRE
• agent/first-publish-date
• agent/event
• agent/last-modified-date
• agent/author
• agent/tags
• agent/softwarecombine
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• vendor/mozilla
• canonical/mozilla firefox esr
• version/mozilla firefox esr/31.0
• version/mozilla firefox esr/31.1.0
• version/mozilla firefox esr/31.1.1
• version/mozilla firefox esr/31.2
• version/mozilla firefox esr/31.3.0
• canonical/mozilla thunderbird
• version/mozilla thunderbird/31.3.0
• canonical/mozilla firefox
• version/mozilla firefox/34.0.5
• canonical/mozilla seamonkey
• version/mozilla seamonkey/2.31
• version/mozilla firefox/31.0
• version/mozilla firefox/31.1.0
• version/mozilla firefox/31.1.1
• version/mozilla firefox/31.3.0