Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CNVD-2015-00365
Vulnerability from cnvd - Published: 2015-01-16
VLAI Severity ?
Title
Mozilla Firefox/Thunderbird/SeaMonkey sendBeacon跨站请求伪造漏洞
Description
Firefox/Thunderbird/SeaMonkey是Mozilla所发布的WEB浏览器和邮件/新闻组客户端。
Mozilla Firefox/Thunderbird/SeaMonkey存在跨站请求伪造漏洞,允许远程攻击者利用漏洞执行某些未经授权的操作,并获得对受影响的应用程序的访问。
Severity
中
Patch Name
Mozilla Firefox/Thunderbird/SeaMonkey sendBeacon跨站请求伪造漏洞的补丁
Patch Description
Firefox/Thunderbird/SeaMonkey是Mozilla所发布的WEB浏览器和邮件/新闻组客户端。Mozilla Firefox/Thunderbird/SeaMonkey存在跨站请求伪造漏洞,允许远程攻击者利用漏洞执行某些未经授权的操作,并获得对受影响的应用程序的访问。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://www.mozilla.org/en-US/ https://www.mozilla.org/zh-CN/thunderbird/ http://www.seamonkey-project.org/
Reference
http://www.securityfocus.com/bid/72047
https://www.mozilla.org/zh-CN/security/advisories/mfsa2015-03/
Impacted products
| Name | ['Mozilla Firefox ESR 31.4', 'Mozilla Firefox 35', 'Mozilla SeaMonkey 2.32', 'Mozilla Thunderbird 31.4'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "72047"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2014-8638"
}
},
"description": "Firefox/Thunderbird/SeaMonkey\u662fMozilla\u6240\u53d1\u5e03\u7684WEB\u6d4f\u89c8\u5668\u548c\u90ae\u4ef6/\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef\u3002 \r\n\r\nMozilla Firefox/Thunderbird/SeaMonkey\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u67d0\u4e9b\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u5e76\u83b7\u5f97\u5bf9\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u8bbf\u95ee\u3002",
"discovererName": "Muneaki Nishimura",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.mozilla.org/en-US/\r\nhttps://www.mozilla.org/zh-CN/thunderbird/\r\nhttp://www.seamonkey-project.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-00365",
"openTime": "2015-01-16",
"patchDescription": "Firefox/Thunderbird/SeaMonkey\u662fMozilla\u6240\u53d1\u5e03\u7684WEB\u6d4f\u89c8\u5668\u548c\u90ae\u4ef6/\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef\u3002Mozilla Firefox/Thunderbird/SeaMonkey\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u67d0\u4e9b\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u5e76\u83b7\u5f97\u5bf9\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Firefox/Thunderbird/SeaMonkey sendBeacon\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Mozilla Firefox ESR 31.4",
"Mozilla Firefox 35",
"Mozilla SeaMonkey 2.32",
"Mozilla Thunderbird 31.4"
]
},
"referenceLink": "http://www.securityfocus.com/bid/72047\r\nhttps://www.mozilla.org/zh-CN/security/advisories/mfsa2015-03/",
"serverity": "\u4e2d",
"submitTime": "2015-01-15",
"title": "Mozilla Firefox/Thunderbird/SeaMonkey sendBeacon\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}
CVE-2014-8638 (GCVE-0-2014-8638)
Vulnerability from cvelistv5 – Published: 2015-01-14 11:00 – Updated: 2024-08-06 13:26
VLAI?
EPSS
Summary
The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:02.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:0046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
},
{
"name": "62242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62242"
},
{
"name": "1031533",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031533"
},
{
"name": "USN-2460-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2460-1"
},
{
"name": "72047",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72047"
},
{
"name": "openSUSE-SU-2015:0192",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
},
{
"name": "62304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62304"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2015-0047.html"
},
{
"name": "62259",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62259"
},
{
"name": "62250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62250"
},
{
"name": "SUSE-SU-2015:0173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
},
{
"name": "62237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62237"
},
{
"name": "openSUSE-SU-2015:0077",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
},
{
"name": "62418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62418"
},
{
"name": "SUSE-SU-2015:0171",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987"
},
{
"name": "62316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62316"
},
{
"name": "DSA-3132",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3132"
},
{
"name": "62274",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62274"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "62313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62313"
},
{
"name": "RHSA-2015:0047",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html"
},
{
"name": "62790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62790"
},
{
"name": "62293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62293"
},
{
"name": "62283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62283"
},
{
"name": "firefox-cve20148638-csrf(99958)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99958"
},
{
"name": "62446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62446"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "62657",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62657"
},
{
"name": "62273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62273"
},
{
"name": "openSUSE-SU-2015:0133",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"
},
{
"name": "openSUSE-SU-2015:1266",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "DSA-3127",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3127"
},
{
"name": "SUSE-SU-2015:0180",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
},
{
"name": "62315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62315"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
},
{
"name": "62253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62253"
},
{
"name": "1031534",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "RHSA-2015:0046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
},
{
"name": "62242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62242"
},
{
"name": "1031533",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031533"
},
{
"name": "USN-2460-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2460-1"
},
{
"name": "72047",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72047"
},
{
"name": "openSUSE-SU-2015:0192",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
},
{
"name": "62304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62304"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2015-0047.html"
},
{
"name": "62259",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62259"
},
{
"name": "62250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62250"
},
{
"name": "SUSE-SU-2015:0173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
},
{
"name": "62237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62237"
},
{
"name": "openSUSE-SU-2015:0077",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
},
{
"name": "62418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62418"
},
{
"name": "SUSE-SU-2015:0171",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987"
},
{
"name": "62316",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62316"
},
{
"name": "DSA-3132",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3132"
},
{
"name": "62274",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62274"
},
{
"name": "GLSA-201504-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "62313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62313"
},
{
"name": "RHSA-2015:0047",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html"
},
{
"name": "62790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62790"
},
{
"name": "62293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62293"
},
{
"name": "62283",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62283"
},
{
"name": "firefox-cve20148638-csrf(99958)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99958"
},
{
"name": "62446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62446"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "62657",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62657"
},
{
"name": "62273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62273"
},
{
"name": "openSUSE-SU-2015:0133",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"
},
{
"name": "openSUSE-SU-2015:1266",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "DSA-3127",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3127"
},
{
"name": "SUSE-SU-2015:0180",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
},
{
"name": "62315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62315"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
},
{
"name": "62253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62253"
},
{
"name": "1031534",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031534"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-8638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0046",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
},
{
"name": "62242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62242"
},
{
"name": "1031533",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031533"
},
{
"name": "USN-2460-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2460-1"
},
{
"name": "72047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72047"
},
{
"name": "openSUSE-SU-2015:0192",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
},
{
"name": "62304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62304"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2015-0047.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2015-0047.html"
},
{
"name": "62259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62259"
},
{
"name": "62250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62250"
},
{
"name": "SUSE-SU-2015:0173",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
},
{
"name": "62237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62237"
},
{
"name": "openSUSE-SU-2015:0077",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
},
{
"name": "62418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62418"
},
{
"name": "SUSE-SU-2015:0171",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1080987"
},
{
"name": "62316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62316"
},
{
"name": "DSA-3132",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3132"
},
{
"name": "62274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62274"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "62313",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62313"
},
{
"name": "RHSA-2015:0047",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2015-03.html"
},
{
"name": "62790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62790"
},
{
"name": "62293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62293"
},
{
"name": "62283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62283"
},
{
"name": "firefox-cve20148638-csrf(99958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99958"
},
{
"name": "62446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62446"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "62657",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62657"
},
{
"name": "62273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62273"
},
{
"name": "openSUSE-SU-2015:0133",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"
},
{
"name": "openSUSE-SU-2015:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "DSA-3127",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3127"
},
{
"name": "SUSE-SU-2015:0180",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
},
{
"name": "62315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62315"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2015-0046.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
},
{
"name": "62253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62253"
},
{
"name": "1031534",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031534"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2014-8638",
"datePublished": "2015-01-14T11:00:00",
"dateReserved": "2014-11-06T00:00:00",
"dateUpdated": "2024-08-06T13:26:02.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…