CVE-2014-8638 (retired)

Priority
Description
The navigator.sendBeacon implementation in Mozilla Firefox before 35.0,
Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before
2.32 omits the CORS Origin header, which allows remote attackers to bypass
intended CORS access-control checks and conduct cross-site request forgery
(CSRF) attacks via a crafted web site.
Assigned-to
chrisccoulson
Package
Upstream:released (35.0)
Package
Priority: Low
Upstream:released (31.4.0)
More Information

Updated: 2019-08-23 09:04:39 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)