Lucene search
Mozilla FoundationMFSA2015-37HistoryMar 31, 2015 - 12:00 a.m.
CORS requests should not follow 30x redirections after preflight — Mozilla
2015-03-3100:00:00
Mozilla Foundation
www.mozilla.org
27
0.003 Low
EPSS
Percentile
71.0%
Mozilla developer Christoph Kerschbaumer discovered an issue while investigating Mozilla Foundation Security Advisory 2015-03, previously reported by security researcher Muneaki Nishimura. This flaw was that a cross-origin resource sharing (CORS) request should not follow 30x redirections after preflight according to the specification. This only affects sendBeacon() requests but could allow for a potential Cross-site request forgery (XSRF) attack from malicious websites.
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 37 | |
| firefox esr | lt | 31.6 | |
| firefox os | lt | 2.2 | |
| seamonkey | lt | 2.35 | |
| thunderbird | lt | 31.6 |
Related
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-37) - Linux
2021-11-11 00:00:00
Mozilla Firefox ESR Multiple Vulnerabilities-01 (Apr 2015) - Windows
2015-04-06 00:00:00
Mozilla Firefox ESR Multiple Vulnerabilities-01 (Apr 2015) - Mac OS X
2015-04-06 00:00:00
prion
prion
Cross site request forgery (csrf)
2015-04-01 10:59:00
cve
cve
CVE-2015-0807
2015-04-01 10:59:00
cvelist
cvelist
CVE-2015-0807
2015-04-01 10:00:00
ubuntucve
ubuntucve
CVE-2015-0807
2015-04-01 00:00:00
nessus
nessus
Oracle Linux 6 / 7 : thunderbird (ELSA-2015-0771)
2015-04-02 00:00:00
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20150401)
2015-04-02 00:00:00
Debian DSA-3212-1 : icedove - security update
2015-04-03 00:00:00
redhat
redhat
(RHSA-2015:0766) Critical: firefox security update
2015-03-31 00:00:00
(RHSA-2015:0771) Important: thunderbird security update
2015-04-01 00:00:00
archlinux
archlinux
thunderbird: multiple issues
2015-04-04 00:00:00
firefox: multiple issues
2015-04-01 00:00:00
oraclelinux
oraclelinux
firefox security update
2015-04-01 00:00:00
thunderbird security update
2015-04-01 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:12:58
Arbitrary Code Execution
2019-05-02 05:12:58
Cross-Site Request Forgery (CSRF)
2019-05-02 05:12:57
debian
debian
[SECURITY] [DSA 3211-1] iceweasel security update
2015-04-01 16:10:19
[SECURITY] [DSA 3212-1] icedove security update
2015-04-02 20:36:41
[SECURITY] [DSA 3211-1] iceweasel security update
2015-04-01 16:10:41
ubuntu
ubuntu
Thunderbird vulnerabilities
2015-04-02 00:00:00
Firefox vulnerabilities
2015-04-01 00:00:00
centos
centos
thunderbird security update
2015-04-01 14:33:26
firefox, xulrunner security update
2015-03-31 23:44:15
mageia
mageia
Updated firefox & thunderbird packages fix security vulnerabilities
2015-04-03 16:11:23
Updated iceape packages fix security vulnerabilities
2015-09-08 10:20:40
suse
suse
Security update for MozillaFirefox (important)
2015-04-10 17:04:55
Security update for MozillaFirefox (important)
2015-04-10 18:04:46
Update to Firefox 31.7.0esr (important)
2015-05-18 13:04:51
kaspersky
kaspersky
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-03-31 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-04-08 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-12-30 00:00:00