Bug 913068 (CVE-2014-8638) - VUL-0: CVE-2014-8638: MozillaFirefox: sendBeacon requests lack an Origin header (MFSA 2015-03)
Summary: VUL-0: CVE-2014-8638: MozillaFirefox: sendBeacon requests lack an Origin head...
Status: RESOLVED FIXED
Alias: CVE-2014-8638
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2015-01-22
Assignee: Petr Cerny
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/112326/
Whiteboard: maint:released:sle10-sp3:60233 maint...
Keywords:
Depends on: 910669 CVE-2015-0807
Blocks:
  Show dependency treegraph
 
Reported: 2015-01-14 10:35 UTC by Victor Pereira
Modified: 2015-04-01 10:33 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2015-01-14 10:35:17 UTC 
CVE-2014-8638

Security researcher Muneaki Nishimura reported that navigator.sendBeacon() does not follow the cross-origin resource sharing (CORS) specification. This results in the request from sendBeacon() lacking an origin header in violation of the W3C Beacon specification and not being treated as a CORS request. This allows for a potential Cross-site request forgery (XSRF) attack from malicious websites.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.



References:
http://www.mozilla.org/security/announce/2015/mfsa2015-03.html
https://bugzilla.redhat.com/show_bug.cgi?id=1180966
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8638
https://rhn.redhat.com/errata/RHSA-2015-0047.html
https://rhn.redhat.com/errata/RHSA-2015-0046.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638
Comment 1 Swamp Workflow Management 2015-01-14 23:02:13 UTC 
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2015-01-15 10:15:09 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-01-22.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60231
Comment 3 Swamp Workflow Management 2015-01-31 00:10:19 UTC 
SUSE-SU-2015:0180-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 910647,910669,913064,913066,913067,913068,913102,913103,913104
CVE References: CVE-2014-1569,CVE-2014-8634,CVE-2014-8636,CVE-2014-8637,CVE-2014-8638,CVE-2014-8639,CVE-2014-8640,CVE-2014-8641
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Server 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Desktop 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
Comment 4 Marcus Meissner 2015-02-02 14:19:07 UTC 
released