Vulnerability-Lookup

CVE-2014-8638 (GCVE-0-2014-8638)

Vulnerability from cvelistv5 – Published: 2015-01-14 11:00 – Updated: 2024-08-06 13:26

Summary

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

Severity ?

No CVSS data available.

CWE

Assigner

mozilla

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2015-0046.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/62242	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id/1031533	vdb-entryx_refsource_SECTRACK
	http://www.ubuntu.com/usn/USN-2460-1	vendor-advisoryx_refsource_UBUNTU
	http://www.securityfocus.com/bid/72047	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/62304	third-party-advisoryx_refsource_SECUNIA
	http://linux.oracle.com/errata/ELSA-2015-0047.html	x_refsource_CONFIRM
	http://secunia.com/advisories/62259	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/62250	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/62237	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/62418	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://bugzilla.mozilla.org/show_bug.cgi?id=1080987	x_refsource_CONFIRM
	http://secunia.com/advisories/62316	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2015/dsa-3132	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/62274	third-party-advisoryx_refsource_SECUNIA
	https://security.gentoo.org/glsa/201504-01	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/62313	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2015-0047.html	vendor-advisoryx_refsource_REDHAT
	http://www.mozilla.org/security/announce/2014/mfs…	x_refsource_CONFIRM
	http://secunia.com/advisories/62790	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/62293	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/62283	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/62446	third-party-advisoryx_refsource_SECUNIA
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/advisories/62657	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/62273	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.debian.org/security/2015/dsa-3127	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/62315	third-party-advisoryx_refsource_SECUNIA
	http://linux.oracle.com/errata/ELSA-2015-0046.html	x_refsource_CONFIRM
	http://secunia.com/advisories/62253	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id/1031534	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:26:02.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2015:0046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
          },
          {
            "name": "62242",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62242"
          },
          {
            "name": "1031533",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031533"
          },
          {
            "name": "USN-2460-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2460-1"
          },
          {
            "name": "72047",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72047"
          },
          {
            "name": "openSUSE-SU-2015:0192",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
          },
          {
            "name": "62304",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62304"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2015-0047.html"
          },
          {
            "name": "62259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62259"
          },
          {
            "name": "62250",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62250"
          },
          {
            "name": "SUSE-SU-2015:0173",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
          },
          {
            "name": "62237",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62237"
          },
          {
            "name": "openSUSE-SU-2015:0077",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
          },
          {
            "name": "62418",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62418"
          },
          {
            "name": "SUSE-SU-2015:0171",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987"
          },
          {
            "name": "62316",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62316"
          },
          {
            "name": "DSA-3132",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3132"
          },
          {
            "name": "62274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62274"
          },
          {
            "name": "GLSA-201504-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "name": "62313",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62313"
          },
          {
            "name": "RHSA-2015:0047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html"
          },
          {
            "name": "62790",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62790"
          },
          {
            "name": "62293",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62293"
          },
          {
            "name": "62283",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62283"
          },
          {
            "name": "firefox-cve20148638-csrf(99958)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99958"
          },
          {
            "name": "62446",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62446"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "62657",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62657"
          },
          {
            "name": "62273",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62273"
          },
          {
            "name": "openSUSE-SU-2015:0133",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"
          },
          {
            "name": "openSUSE-SU-2015:1266",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
          },
          {
            "name": "DSA-3127",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3127"
          },
          {
            "name": "SUSE-SU-2015:0180",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
          },
          {
            "name": "62315",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62315"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
          },
          {
            "name": "62253",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62253"
          },
          {
            "name": "1031534",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031534"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "RHSA-2015:0046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
        },
        {
          "name": "62242",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62242"
        },
        {
          "name": "1031533",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031533"
        },
        {
          "name": "USN-2460-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2460-1"
        },
        {
          "name": "72047",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72047"
        },
        {
          "name": "openSUSE-SU-2015:0192",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
        },
        {
          "name": "62304",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62304"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2015-0047.html"
        },
        {
          "name": "62259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62259"
        },
        {
          "name": "62250",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62250"
        },
        {
          "name": "SUSE-SU-2015:0173",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
        },
        {
          "name": "62237",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62237"
        },
        {
          "name": "openSUSE-SU-2015:0077",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
        },
        {
          "name": "62418",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62418"
        },
        {
          "name": "SUSE-SU-2015:0171",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987"
        },
        {
          "name": "62316",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62316"
        },
        {
          "name": "DSA-3132",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3132"
        },
        {
          "name": "62274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62274"
        },
        {
          "name": "GLSA-201504-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201504-01"
        },
        {
          "name": "62313",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62313"
        },
        {
          "name": "RHSA-2015:0047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html"
        },
        {
          "name": "62790",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62790"
        },
        {
          "name": "62293",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62293"
        },
        {
          "name": "62283",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62283"
        },
        {
          "name": "firefox-cve20148638-csrf(99958)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99958"
        },
        {
          "name": "62446",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62446"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "name": "62657",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62657"
        },
        {
          "name": "62273",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62273"
        },
        {
          "name": "openSUSE-SU-2015:0133",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"
        },
        {
          "name": "openSUSE-SU-2015:1266",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
        },
        {
          "name": "DSA-3127",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3127"
        },
        {
          "name": "SUSE-SU-2015:0180",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
        },
        {
          "name": "62315",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62315"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
        },
        {
          "name": "62253",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62253"
        },
        {
          "name": "1031534",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031534"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2014-8638",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2015:0046",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
            },
            {
              "name": "62242",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62242"
            },
            {
              "name": "1031533",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031533"
            },
            {
              "name": "USN-2460-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2460-1"
            },
            {
              "name": "72047",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72047"
            },
            {
              "name": "openSUSE-SU-2015:0192",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
            },
            {
              "name": "62304",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62304"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2015-0047.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2015-0047.html"
            },
            {
              "name": "62259",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62259"
            },
            {
              "name": "62250",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62250"
            },
            {
              "name": "SUSE-SU-2015:0173",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
            },
            {
              "name": "62237",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62237"
            },
            {
              "name": "openSUSE-SU-2015:0077",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
            },
            {
              "name": "62418",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62418"
            },
            {
              "name": "SUSE-SU-2015:0171",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987"
            },
            {
              "name": "62316",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62316"
            },
            {
              "name": "DSA-3132",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3132"
            },
            {
              "name": "62274",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62274"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "62313",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62313"
            },
            {
              "name": "RHSA-2015:0047",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html"
            },
            {
              "name": "62790",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62790"
            },
            {
              "name": "62293",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62293"
            },
            {
              "name": "62283",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62283"
            },
            {
              "name": "firefox-cve20148638-csrf(99958)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99958"
            },
            {
              "name": "62446",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62446"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            },
            {
              "name": "62657",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62657"
            },
            {
              "name": "62273",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62273"
            },
            {
              "name": "openSUSE-SU-2015:0133",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"
            },
            {
              "name": "openSUSE-SU-2015:1266",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
            },
            {
              "name": "DSA-3127",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3127"
            },
            {
              "name": "SUSE-SU-2015:0180",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
            },
            {
              "name": "62315",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62315"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2015-0046.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
            },
            {
              "name": "62253",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62253"
            },
            {
              "name": "1031534",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031534"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2014-8638",
    "datePublished": "2015-01-14T11:00:00.000Z",
    "dateReserved": "2014-11-06T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:26:02.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-38XR-6JM2-V69W

Vulnerability from github – Published: 2022-05-17 01:13 – Updated: 2022-05-17 01:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-8638"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-01-14T11:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.",
  "id": "GHSA-38xr-6jm2-v69w",
  "modified": "2022-05-17T01:13:07Z",
  "published": "2022-05-17T01:13:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8638"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99958"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "type": "WEB",
      "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
    },
    {
      "type": "WEB",
      "url": "http://linux.oracle.com/errata/ELSA-2015-0047.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62237"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62242"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62250"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62253"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62259"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62273"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62274"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62283"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62293"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62304"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62313"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62315"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62316"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62418"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62446"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62657"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62790"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3127"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3132"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/72047"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031533"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031534"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2460-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2015-00365

Vulnerability from cnvd - Published: 2015-01-16

Title

Mozilla Firefox/Thunderbird/SeaMonkey sendBeacon跨站请求伪造漏洞

Description

Firefox/Thunderbird/SeaMonkey是Mozilla所发布的WEB浏览器和邮件/新闻组客户端。 Mozilla Firefox/Thunderbird/SeaMonkey存在跨站请求伪造漏洞，允许远程攻击者利用漏洞执行某些未经授权的操作，并获得对受影响的应用程序的访问。

Severity

中

Patch Name

Mozilla Firefox/Thunderbird/SeaMonkey sendBeacon跨站请求伪造漏洞的补丁

Patch Description

Firefox/Thunderbird/SeaMonkey是Mozilla所发布的WEB浏览器和邮件/新闻组客户端。Mozilla Firefox/Thunderbird/SeaMonkey存在跨站请求伪造漏洞，允许远程攻击者利用漏洞执行某些未经授权的操作，并获得对受影响的应用程序的访问。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://www.mozilla.org/en-US/ https://www.mozilla.org/zh-CN/thunderbird/ http://www.seamonkey-project.org/

Reference

http://www.securityfocus.com/bid/72047 https://www.mozilla.org/zh-CN/security/advisories/mfsa2015-03/

Impacted products

Name
['Mozilla Firefox ESR 31.4', 'Mozilla Firefox 35', 'Mozilla SeaMonkey 2.32', 'Mozilla Thunderbird 31.4']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72047"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-8638"
    }
  },
  "description": "Firefox/Thunderbird/SeaMonkey\u662fMozilla\u6240\u53d1\u5e03\u7684WEB\u6d4f\u89c8\u5668\u548c\u90ae\u4ef6/\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef\u3002 \r\n\r\nMozilla Firefox/Thunderbird/SeaMonkey\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u67d0\u4e9b\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u5e76\u83b7\u5f97\u5bf9\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u8bbf\u95ee\u3002",
  "discovererName": "Muneaki Nishimura",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.mozilla.org/en-US/\r\nhttps://www.mozilla.org/zh-CN/thunderbird/\r\nhttp://www.seamonkey-project.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00365",
  "openTime": "2015-01-16",
  "patchDescription": "Firefox/Thunderbird/SeaMonkey\u662fMozilla\u6240\u53d1\u5e03\u7684WEB\u6d4f\u89c8\u5668\u548c\u90ae\u4ef6/\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef\u3002Mozilla Firefox/Thunderbird/SeaMonkey\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u67d0\u4e9b\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u5e76\u83b7\u5f97\u5bf9\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox/Thunderbird/SeaMonkey sendBeacon\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox ESR 31.4",
      "Mozilla Firefox 35",
      "Mozilla SeaMonkey 2.32",
      "Mozilla Thunderbird 31.4"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/72047\r\nhttps://www.mozilla.org/zh-CN/security/advisories/mfsa2015-03/",
  "serverity": "\u4e2d",
  "submitTime": "2015-01-15",
  "title": "Mozilla Firefox/Thunderbird/SeaMonkey sendBeacon\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CERTFR-2015-AVI-020

Vulnerability from certfr_avis - Published: 2015-01-14 - Updated: 2015-01-14

De multiples vulnérabilités ont été corrigées dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	N/A	SeaMonkey versions antérieures à 2.32
Mozilla	Firefox	Firefox versions antérieures à 35
Mozilla	Thunderbird	ThunderBird versions antérieures à 31.4
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 31.4

References

Title

Publication Time

GSD-2014-8638

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-8638

Aliases

CVE-2014-8638

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-8638",
    "description": "The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.",
    "id": "GSD-2014-8638",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-8638.html",
      "https://www.debian.org/security/2015/dsa-3132",
      "https://www.debian.org/security/2015/dsa-3127",
      "https://access.redhat.com/errata/RHSA-2015:0047",
      "https://access.redhat.com/errata/RHSA-2015:0046",
      "https://ubuntu.com/security/CVE-2014-8638",
      "https://advisories.mageia.org/CVE-2014-8638.html",
      "https://linux.oracle.com/cve/CVE-2014-8638.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-8638"
      ],
      "details": "The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.",
      "id": "GSD-2014-8638",
      "modified": "2023-12-13T01:22:49.005766Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2014-8638",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2015:0046",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
          },
          {
            "name": "62242",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62242"
          },
          {
            "name": "1031533",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031533"
          },
          {
            "name": "USN-2460-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2460-1"
          },
          {
            "name": "72047",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/72047"
          },
          {
            "name": "openSUSE-SU-2015:0192",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
          },
          {
            "name": "62304",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62304"
          },
          {
            "name": "http://linux.oracle.com/errata/ELSA-2015-0047.html",
            "refsource": "CONFIRM",
            "url": "http://linux.oracle.com/errata/ELSA-2015-0047.html"
          },
          {
            "name": "62259",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62259"
          },
          {
            "name": "62250",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62250"
          },
          {
            "name": "SUSE-SU-2015:0173",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
          },
          {
            "name": "62237",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62237"
          },
          {
            "name": "openSUSE-SU-2015:0077",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
          },
          {
            "name": "62418",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62418"
          },
          {
            "name": "SUSE-SU-2015:0171",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987"
          },
          {
            "name": "62316",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62316"
          },
          {
            "name": "DSA-3132",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2015/dsa-3132"
          },
          {
            "name": "62274",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62274"
          },
          {
            "name": "GLSA-201504-01",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201504-01"
          },
          {
            "name": "62313",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62313"
          },
          {
            "name": "RHSA-2015:0047",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html",
            "refsource": "CONFIRM",
            "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html"
          },
          {
            "name": "62790",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62790"
          },
          {
            "name": "62293",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62293"
          },
          {
            "name": "62283",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62283"
          },
          {
            "name": "firefox-cve20148638-csrf(99958)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99958"
          },
          {
            "name": "62446",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62446"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "name": "62657",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62657"
          },
          {
            "name": "62273",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62273"
          },
          {
            "name": "openSUSE-SU-2015:0133",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"
          },
          {
            "name": "openSUSE-SU-2015:1266",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
          },
          {
            "name": "DSA-3127",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2015/dsa-3127"
          },
          {
            "name": "SUSE-SU-2015:0180",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
          },
          {
            "name": "62315",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62315"
          },
          {
            "name": "http://linux.oracle.com/errata/ELSA-2015-0046.html",
            "refsource": "CONFIRM",
            "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
          },
          {
            "name": "62253",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62253"
          },
          {
            "name": "1031534",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031534"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "31.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "34.0.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.31",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2014-8638"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987"
            },
            {
              "name": "62242",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62242"
            },
            {
              "name": "62250",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62250"
            },
            {
              "name": "1031533",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031533"
            },
            {
              "name": "62237",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62237"
            },
            {
              "name": "62446",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62446"
            },
            {
              "name": "62790",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62790"
            },
            {
              "name": "62657",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62657"
            },
            {
              "name": "DSA-3127",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2015/dsa-3127"
            },
            {
              "name": "openSUSE-SU-2015:0133",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"
            },
            {
              "name": "RHSA-2015:0046",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
            },
            {
              "name": "DSA-3132",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2015/dsa-3132"
            },
            {
              "name": "USN-2460-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2460-1"
            },
            {
              "name": "RHSA-2015:0047",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html"
            },
            {
              "name": "openSUSE-SU-2015:0077",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
            },
            {
              "name": "openSUSE-SU-2015:0192",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
            },
            {
              "name": "SUSE-SU-2015:0171",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
            },
            {
              "name": "SUSE-SU-2015:0173",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
            },
            {
              "name": "SUSE-SU-2015:0180",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            },
            {
              "name": "GLSA-201504-01",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201504-01"
            },
            {
              "name": "openSUSE-SU-2015:1266",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
            },
            {
              "name": "1031534",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031534"
            },
            {
              "name": "72047",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/72047"
            },
            {
              "name": "62418",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62418"
            },
            {
              "name": "62316",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62316"
            },
            {
              "name": "62315",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62315"
            },
            {
              "name": "62313",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62313"
            },
            {
              "name": "62304",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62304"
            },
            {
              "name": "62293",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62293"
            },
            {
              "name": "62283",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62283"
            },
            {
              "name": "62274",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62274"
            },
            {
              "name": "62273",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62273"
            },
            {
              "name": "62259",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62259"
            },
            {
              "name": "62253",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62253"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2015-0047.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://linux.oracle.com/errata/ELSA-2015-0047.html"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2015-0046.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
            },
            {
              "name": "firefox-cve20148638-csrf(99958)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99958"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-08T01:29Z",
      "publishedDate": "2015-01-14T11:59Z"
    }
  }
}

FKIE_CVE-2014-8638

Vulnerability from fkie_nvd - Published: 2015-01-14 11:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
security@mozilla.org	http://linux.oracle.com/errata/ELSA-2015-0046.html
security@mozilla.org	http://linux.oracle.com/errata/ELSA-2015-0047.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
security@mozilla.org	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
security@mozilla.org	http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html
security@mozilla.org	http://rhn.redhat.com/errata/RHSA-2015-0046.html
security@mozilla.org	http://rhn.redhat.com/errata/RHSA-2015-0047.html
security@mozilla.org	http://secunia.com/advisories/62237
security@mozilla.org	http://secunia.com/advisories/62242
security@mozilla.org	http://secunia.com/advisories/62250
security@mozilla.org	http://secunia.com/advisories/62253
security@mozilla.org	http://secunia.com/advisories/62259
security@mozilla.org	http://secunia.com/advisories/62273
security@mozilla.org	http://secunia.com/advisories/62274
security@mozilla.org	http://secunia.com/advisories/62283
security@mozilla.org	http://secunia.com/advisories/62293
security@mozilla.org	http://secunia.com/advisories/62304
security@mozilla.org	http://secunia.com/advisories/62313
security@mozilla.org	http://secunia.com/advisories/62315
security@mozilla.org	http://secunia.com/advisories/62316
security@mozilla.org	http://secunia.com/advisories/62418
security@mozilla.org	http://secunia.com/advisories/62446
security@mozilla.org	http://secunia.com/advisories/62657
security@mozilla.org	http://secunia.com/advisories/62790
security@mozilla.org	http://www.debian.org/security/2015/dsa-3127
security@mozilla.org	http://www.debian.org/security/2015/dsa-3132
security@mozilla.org	http://www.mozilla.org/security/announce/2014/mfsa2015-03.html	Vendor Advisory
security@mozilla.org	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
security@mozilla.org	http://www.securityfocus.com/bid/72047
security@mozilla.org	http://www.securitytracker.com/id/1031533
security@mozilla.org	http://www.securitytracker.com/id/1031534
security@mozilla.org	http://www.ubuntu.com/usn/USN-2460-1
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1080987
security@mozilla.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/99958
security@mozilla.org	https://security.gentoo.org/glsa/201504-01
af854a3a-2127-422b-91ae-364da2661108	http://linux.oracle.com/errata/ELSA-2015-0046.html
af854a3a-2127-422b-91ae-364da2661108	http://linux.oracle.com/errata/ELSA-2015-0047.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-0046.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-0047.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62237
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62242
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62250
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62253
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62259
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62273
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62274
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62283
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62293
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62304
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62313
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62315
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62316
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62418
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62446
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62657
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62790
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3127
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3132
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2014/mfsa2015-03.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/72047
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031533
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031534
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2460-1
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1080987
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/99958
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201504-01

Impacted products

Vendor	Product	Version
mozilla	firefox	31.0
mozilla	firefox	31.1.0
mozilla	firefox	31.1.1
mozilla	firefox	31.3.0
mozilla	firefox_esr	31.2
mozilla	thunderbird	*
mozilla	firefox	*
mozilla	seamonkey	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11F024A-A8B7-405B-8A13-4BF406FBDB22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D81A3698-797C-4CD9-BB02-A9182E0A6E11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E8D7C7-B578-4623-9EA2-D13965DBE1F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3E5D043-71F8-4A61-BEA4-176153E26FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCA6959-24B7-4F86-BE25-0A8A7C1A3D13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6A581F-0EB4-4DA9-AE5E-1F982DBBDB16",
              "versionEndIncluding": "31.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48BDA1BA-1A04-4CD5-850A-0AB5990DAEA1",
              "versionEndIncluding": "34.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E929387-65C1-4D6E-976D-8DB6EEBDD58A",
              "versionEndIncluding": "2.31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n navigator.sendBeacon en Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, Thunderbird anterior a 31.4, y SeaMonkey anterior a 2.32 omite la cabecera CORS Origin, lo que permite a atacantes remotos evadir las comprobaciones del control de acceso a CORS y realizar ataques de CSRF a trav\u00e9s de un sitio web manipulado."
    }
  ],
  "id": "CVE-2014-8638",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-01-14T11:59:07.163",
  "references": [
    {
      "source": "security@mozilla.org",
      "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://linux.oracle.com/errata/ELSA-2015-0047.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62237"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62242"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62250"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62253"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62259"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62273"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62274"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62283"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62293"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62304"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62313"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62315"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62316"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62418"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62446"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62657"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://secunia.com/advisories/62790"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.debian.org/security/2015/dsa-3127"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.debian.org/security/2015/dsa-3132"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securityfocus.com/bid/72047"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securitytracker.com/id/1031533"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securitytracker.com/id/1031534"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.ubuntu.com/usn/USN-2460-1"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99958"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://linux.oracle.com/errata/ELSA-2015-0047.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/72047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2460-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201504-01"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-8638 (GCVE-0-2014-8638)

GHSA-38XR-6JM2-V69W

CNVD-2015-00365

CERTFR-2015-AVI-020

Solution

GSD-2014-8638

FKIE_CVE-2014-8638

Tags

Sightings

Nomenclature