CVE-2014-8638

🗓️ 14 Jan 2015 11:00:00Reported by mozillaType

Navigator.sendBeacon in Mozilla Firefox before 35.0 and other products omits CORS Origin header, enabling CSRF attacks

Reporter	Title	Published	Views	Family All 121
Tenable Nessus	Mozilla Firefox ESR < 31.4 Multiple Vulnerabilities	6 Nov 201900:00	–	nessus
Tenable Nessus	Mozilla Firefox < 35.0 Multiple Vulnerabilities	16 Jan 201500:00	–	nessus
Tenable Nessus	Mozilla Thunderbird < 31.4 Multiple Vulnerabilities	16 Jan 201500:00	–	nessus
Tenable Nessus	SeaMonkey < 2.32 Multiple Vulnerabilities	16 Jan 201500:00	–	nessus
Tenable Nessus	CentOS 5 / 6 / 7 : firefox / xulrunner (CESA-2015:0046)	15 Jan 201500:00	–	nessus
Tenable Nessus	CentOS 5 / 6 : thunderbird (CESA-2015:0047)	15 Jan 201500:00	–	nessus
Tenable Nessus	Debian DSA-3127-1 : iceweasel - security update	15 Jan 201500:00	–	nessus
Tenable Nessus	Debian DSA-3132-1 : icedove - security update	20 Jan 201500:00	–	nessus
Tenable Nessus	FreeBSD : mozilla -- multiple vulnerabilities (bd62c640-9bb9-11e4-a5ad-000c297fb80f)	15 Jan 201500:00	–	nessus
Tenable Nessus	GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities	8 Apr 201500:00	–	nessus

NVD

Node

Node

Node

mozilla firefoxRange≤34.0.5

Node

Source	Link
secunia	www.secunia.com/advisories/62304
securityfocus	www.securityfocus.com/bid/72047
secunia	www.secunia.com/advisories/62313
mozilla	www.mozilla.org/security/announce/2014/mfsa2015-03.html
secunia	www.secunia.com/advisories/62250
secunia	www.secunia.com/advisories/62316
lists	www.lists.opensuse.org/opensuse-updates/2015-01/msg00071.html
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi
linux	www.linux.oracle.com/errata/ELSA-2015-0047.html
secunia	www.secunia.com/advisories/62315

06 May 2026 22:30Current

9.1High risk

Vulners AI Score9.1

CVSS 26.8

EPSS0.00496