Уязвимость CVE-2014-8638

Пакет	Статус	Версия исправления	Релиз	Тип
iceweasel	fixed	31.4.0esr-1		package
iceweasel	end-of-life		squeeze	package
icedove	fixed	31.4.0-1		package
icedove	end-of-life		squeeze	package

CVE-2014-8638

ubuntu

около 11 лет назад

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

CVE-2014-8638

redhat

около 11 лет назад

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

CVE-2014-8638

nvd

около 11 лет назад

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

GHSA-38xr-6jm2-v69w

github

больше 3 лет назад

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

ELSA-2015-0047

oracle-oval

около 11 лет назад

ELSA-2015-0047: thunderbird security update (IMPORTANT)

exploitDog

CVE-2014-8638

Описание

Пакеты

Примечания

Связанные уязвимости