Mozilla Thunderbird CVE-2014-8639 Vulnerability

description-logoDescription

Security researcher Xiaofeng Zheng of the Blue Lotus Team at Tsinghua University reported reported that a Web Proxy returning a 407 Proxy Authentication response with a Set-Cookie header could inject cookies into the originally requested domain. This could be used for session-fixation attacks. This attack only allows cookies to be written but does not allow them to be read.

affected-products-logoAffected Applications

Thunderbird

CVE References

CVE-2014-8639