Mozilla Firefox ESR CVE-2014-8639 Vulnerability


Security researcher Xiaofeng Zheng of the Blue Lotus Team at Tsinghua University reported reported that a Web Proxy returning a 407 Proxy Authentication response with a Set-Cookie header could inject cookies into the originally requested domain. This could be used for session-fixation attacks. This attack only allows cookies to be written but does not allow them to be read.

affected-products-logoAffected Applications

Firefox ESR

CVE References
