6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.1%
01/13/2015
High
Improper interpretation of HTTP headers was found in Mozilla products. By exploiting this vulnerability malicious users can inject cookie. This vulnerability can be exploited via specially designed HTTP headers.
Mozilla Firefox earlier than 35
Mozilla Firefox ESR earlier than 31.4
Mozilla SeaMonkey earlier than 2.32
Mozilla Thunderbird earlier than 31.4
Update to latest version
Get Thunderbird
Get Firefox
Get SeaMonkey
CI
CVE-2014-86396.8High
www.seamonkey-project.org/releases/
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Mozilla-Firefox-ESR/
threats.kaspersky.com/en/product/Mozilla-Firefox/
threats.kaspersky.com/en/product/Mozilla-SeaMonkey/
threats.kaspersky.com/en/product/Mozilla-Thunderbird/
www.mozilla.org/en-US/firefox/new/
www.mozilla.org/en-US/security/advisories/mfsa2015-04/
www.mozilla.org/en-US/thunderbird/