Mozilla developer Christoph Kerschbaumer discovered an issue while investigating Mozilla Foundation Security Advisory 2015-03, previously reported by security researcher Muneaki Nishimura. This flaw was that a cross-origin resource sharing (CORS) request should not follow 30x redirections after preflight according to the specification. This only affects sendBeacon() requests but could allow for a potential Cross-site request forgery (XSRF) attack from malicious websites.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 37 | |
firefox esr | lt | 31.6 | |
firefox os | lt | 2.2 | |
seamonkey | lt | 2.35 | |
thunderbird | lt | 31.6 |