The navigator.sendBeacon implementation in Mozilla Firefox prior to 35.0, Firefox ESR 31.x prior to 31.4, Thunderbird prior to 31.4, and SeaMonkey prior to 2.32 omits the CORS Origin header, which allows remote malicious users to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.
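
Why a missing Origin header matters on the receiving side, shown as an added example that is not part of this advisory or of Mozilla's code. It assumes a server that enforces an Origin allow-list on state-changing requests; the origins, function names and sample requests are constructed for illustration.

```javascript
// Added example: server-side Origin validation for state-changing requests.
// ALLOWED_ORIGINS and the sample requests are constructed, not from the advisory.
const ALLOWED_ORIGINS = new Set(["https://app.example"]);
const UNSAFE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Header names are case-insensitive, so normalise before lookup.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return value;
  }
  return undefined;
}

// Fail-open check: rejects only when an Origin header is present and wrong.
// A request that arrives with no Origin header at all is accepted.
function failOpenCheck(req) {
  if (!UNSAFE_METHODS.has(req.method)) return true;
  const origin = getHeader(req.headers, "Origin");
  if (origin === undefined) return true; // the gap: absence treated as trusted
  return ALLOWED_ORIGINS.has(origin);
}

// Fail-closed check: an unsafe request must carry an allow-listed Origin.
function failClosedCheck(req) {
  if (!UNSAFE_METHODS.has(req.method)) return true;
  const origin = getHeader(req.headers, "Origin");
  return origin !== undefined && ALLOWED_ORIGINS.has(origin);
}

// Constructed sample requests.
const SAMPLES = {
  sameSite: { method: "POST", headers: { Origin: "https://app.example" } },
  crossSite: { method: "POST", headers: { origin: "https://other.example" } },
  // Shape of a cross-site POST that arrives without an Origin header.
  noOrigin: { method: "POST", headers: { "Content-Type": "text/plain" } },
  read: { method: "GET", headers: {} },
};

// Run one check over every sample and return the accept/reject decisions.
function evaluate(check) {
  const result = {};
  for (const [name, req] of Object.entries(SAMPLES)) result[name] = check(req);
  return result;
}

console.log("fail-open  :", evaluate(failOpenCheck));
console.log("fail-closed:", evaluate(failClosedCheck));
```

Rejecting every request that lacks Origin can also block legitimate clients that never send the header, so a check like this is usually paired with a per-session CSRF token.
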
| Vulnerable Product |
|---|
| mozilla firefox esr 31.3.0 |
| mozilla firefox esr 31.1.0 |
| mozilla firefox esr 31.0 |
| mozilla firefox esr 31.2 |
| mozilla firefox esr 31.1.1 |
| mozilla thunderbird |
| mozilla firefox |
| mozilla seamonkey |