CVE-2014-8638 vulnerability in Mozilla Products
Published on January 14, 2015

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2014-8638

Want to know whenever a new CVE is published for Mozilla products? stack.watch will email you.

Mozilla Firefox

Mozilla FireFox Extended Support Release (ESR)

Mozilla Thunderbird

Mozilla SeaMonkey

Exploit Probability

EPSS

0.50%

Percentile

65.41%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2014-8638 vulnerability in Mozilla ProductsPublished on January 14, 2015

Products Associated with CVE-2014-8638

Exploit Probability

CVE-2014-8638 vulnerability in Mozilla Products
Published on January 14, 2015