mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
941 B
941 B
CVE-2015-0807
Description
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.
POC
Reference
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.ubuntu.com/usn/USN-2550-1
Github
No PoCs found on GitHub currently.