Your submission was sent successfully! Close

CVE-2015-0807

Published: 01 April 2015

The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (37.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [37.0+build2-0ubuntu0.14.04.1])
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (31.6.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:31.6.0+build1-0ubuntu0.14.04.1])