Mozilla SeaMonkey CVE-2014-8638 Cross Site Request Forgery Vulnerability

description-logoDescription

Security researcher Muneaki Nishimura reported that navigator.sendBeacon() does not follow the cross-origin resource sharing (CORS) specification. This results in the request from sendBeacon() lacking an origin header in violation of the W3C Beacon specification and not being treated as a CORS request. This allows for a potential Cross-site request forgery (XSRF) attack from malicious websites.

affected-products-logoAffected Applications

SeaMonkey

CVE References

CVE-2014-8638