Lucene search

K

PRIOn knowledge basePRION:CVE-2014-8638

HistoryJan 14, 2015 - 11:59 a.m.

Cross site request forgery (csrf)

2015-01-1411:59:00

PRIOn knowledge base

www.prio-n.com

5

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.4%

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.

CPENameOperatorVersion
firefoxle34.0.5
firefox_esreq31.3.0
firefox_esreq31.1.1
firefox_esreq31.1.0
firefox_esreq31.2
firefox_esreq31.0
seamonkeyle2.31
thunderbirdle31.3.0

References

linux.oracle.com/errata/ELSA-2015-0046.html

linux.oracle.com/errata/ELSA-2015-0047.html

lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html

lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html

lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html

lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-updates/2015-01/msg00071.html

rhn.redhat.com/errata/RHSA-2015-0046.html

rhn.redhat.com/errata/RHSA-2015-0047.html

secunia.com/advisories/62237

secunia.com/advisories/62242

secunia.com/advisories/62250

secunia.com/advisories/62253

secunia.com/advisories/62259

secunia.com/advisories/62273

secunia.com/advisories/62274

secunia.com/advisories/62283

secunia.com/advisories/62293

secunia.com/advisories/62304

secunia.com/advisories/62313

secunia.com/advisories/62315

secunia.com/advisories/62316

secunia.com/advisories/62418

secunia.com/advisories/62446

secunia.com/advisories/62657

secunia.com/advisories/62790

www.debian.org/security/2015/dsa-3127

www.debian.org/security/2015/dsa-3132

www.mozilla.org/security/announce/2014/mfsa2015-03.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.securityfocus.com/bid/72047

www.securitytracker.com/id/1031533

www.securitytracker.com/id/1031534

www.ubuntu.com/usn/USN-2460-1

bugzilla.mozilla.org/show_bug.cgi?id=1080987

exchange.xforce.ibmcloud.com/vulnerabilities/99958

security.gentoo.org/glsa/201504-01

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.4%

Related for PRION:CVE-2014-8638

cve2 openvas41 ubuntucve2 veracode1 mozilla1 prion1 oraclelinux2 redhat2 nessus35 centos2 ubuntu4 debian2 osv2 archlinux2 mageia3 suse8 freebsd1 securityvulns1 ibm1 gentoo1