Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Mozilla产品navigator.sendBeacon 跨站请求伪造漏洞
Vulnerability Description
Mozilla Firefox、Firefox ESR和Thunderbird都是由美国Mozilla基金会开发的产品。Firefox是一款开源Web浏览器,Firefox ESR是Firefox的一个延长支持版本。Thunderbird是从Mozilla Application Suite中独立出来的一套电子邮件客户端软件。 多款Mozilla产品的navigator.sendBeacon实现过程中存在安全漏洞,该漏洞源于程序在preflight请求发送后,处理用于重定向的HTTP 30x状态代码。远程
CVSS Information
N/A
Vulnerability Type
N/A