CVE-2013-1692

Priority
Description
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird
before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the
inclusion of body data in an XMLHttpRequest HEAD request, which makes it
easier for remote attackers to conduct cross-site request forgery (CSRF)
attacks via a crafted web site.
Assigned-to
chrisccoulson
Notes
Package
Upstream:released (22.0)
Package
Upstream:needs-triage
Package
Priority: Low
Upstream:released (17.0.7)
Package
Upstream:needs-triage
More Information

Updated: 2020-03-18 22:11:57 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)