CVE - CVE-2014-8639

CVE-ID
CVE-2014-8639	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:72046 URL:http://www.securityfocus.com/bid/72046 CONFIRM:http://linux.oracle.com/errata/ELSA-2015-0046.html CONFIRM:http://linux.oracle.com/errata/ELSA-2015-0047.html CONFIRM:http://www.mozilla.org/security/announce/2014/mfsa2015-04.html CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=1095859 DEBIAN:DSA-3127 URL:http://www.debian.org/security/2015/dsa-3127 DEBIAN:DSA-3132 URL:http://www.debian.org/security/2015/dsa-3132 GENTOO:GLSA-201504-01 URL:https://security.gentoo.org/glsa/201504-01 REDHAT:RHSA-2015:0046 URL:http://rhn.redhat.com/errata/RHSA-2015-0046.html REDHAT:RHSA-2015:0047 URL:http://rhn.redhat.com/errata/RHSA-2015-0047.html SECTRACK:1031533 URL:http://www.securitytracker.com/id/1031533 SECTRACK:1031534 URL:http://www.securitytracker.com/id/1031534 SECUNIA:62237 URL:http://secunia.com/advisories/62237 SECUNIA:62242 URL:http://secunia.com/advisories/62242 SECUNIA:62250 URL:http://secunia.com/advisories/62250 SECUNIA:62253 URL:http://secunia.com/advisories/62253 SECUNIA:62259 URL:http://secunia.com/advisories/62259 SECUNIA:62273 URL:http://secunia.com/advisories/62273 SECUNIA:62274 URL:http://secunia.com/advisories/62274 SECUNIA:62283 URL:http://secunia.com/advisories/62283 SECUNIA:62293 URL:http://secunia.com/advisories/62293 SECUNIA:62304 URL:http://secunia.com/advisories/62304 SECUNIA:62313 URL:http://secunia.com/advisories/62313 SECUNIA:62315 URL:http://secunia.com/advisories/62315 SECUNIA:62316 URL:http://secunia.com/advisories/62316 SECUNIA:62418 URL:http://secunia.com/advisories/62418 SECUNIA:62446 URL:http://secunia.com/advisories/62446 SECUNIA:62657 URL:http://secunia.com/advisories/62657 SECUNIA:62790 URL:http://secunia.com/advisories/62790 SUSE:SUSE-SU-2015:0171 URL:http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html SUSE:SUSE-SU-2015:0173 URL:http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html SUSE:SUSE-SU-2015:0180 URL:http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html SUSE:openSUSE-SU-2015:0077 URL:http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html SUSE:openSUSE-SU-2015:0133 URL:http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html SUSE:openSUSE-SU-2015:0192 URL:http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html SUSE:openSUSE-SU-2015:1266 URL:http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html UBUNTU:USN-2460-1 URL:http://www.ubuntu.com/usn/USN-2460-1 XF:firefox-cve20148639-session-hijacking(99959) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/99959
Assigning CNA
Mozilla Corporation
Date Record Created
20141106	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20141106)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)