6.8
CVSSv2

CVE-2015-0807

Published: 01/04/2015 Updated: 03/01/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The navigator.sendBeacon implementation in Mozilla Firefox prior to 37.0, Firefox ESR 31.x prior to 31.6, and Thunderbird prior to 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote malicious users to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

mozilla firefox esr 31.0

mozilla firefox esr 31.1

mozilla firefox esr 31.1.0

mozilla firefox esr 31.1.1

mozilla firefox esr 31.2

mozilla firefox esr 31.3

mozilla firefox esr 31.3.0

mozilla firefox esr 31.4

mozilla firefox esr 31.5

mozilla firefox esr 31.5.1

mozilla firefox esr 31.5.2

mozilla firefox esr 31.5.3

mozilla thunderbird

Vendor Advisories

A flaw was found in the Beacon interface implementation in Firefox A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack ...
CORS requests should not follow 30x redirections after preflight Announced March 31, 2015 Reporter Christoph Kerschbaumer, Muneaki Nishimura Impact High Products Firefox, Firefox ESR, Firefox OS, SeaMonk ...
Several security issues were fixed in Thunderbird ...
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions or denial of service For the stable distribution (wheezy), these problems have ...
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, denial of service or cross-site request forgery For the stable distribution (whe ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
<!-- content goes here --> Oracle Solaris Third Party Bulletin - April 2015 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when ...