CVE-2014-8639 vulnerability in Mozilla Products
Published on January 14, 2015

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2014-8639

Want to know whenever a new CVE is published for Mozilla products? stack.watch will email you.

Mozilla SeaMonkey

Mozilla Firefox

Mozilla FireFox Extended Support Release (ESR)

Mozilla Thunderbird

Exploit Probability

EPSS

1.84%

Percentile

82.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2014-8639 vulnerability in Mozilla ProductsPublished on January 14, 2015

Products Associated with CVE-2014-8639

Exploit Probability

CVE-2014-8639 vulnerability in Mozilla Products
Published on January 14, 2015