PT-2015-1043 · Mozilla+5 · Firefox+7

Muneaki Nishimura · Published 2015-03-31 · Updated 2024-12-12 · CVE-2015-0807

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 37.0
Mozilla Firefox ESR versions prior to 31.6
Thunderbird versions prior to 31.6

Description

The vulnerability lies in the navigator.sendBeacon function and its handling of HTTP 30x redirect responses. A remote attacker can use a specially crafted web site to bypass CORS access-control checks and conduct cross-site request forgery (CSRF) attacks. Successful exploitation lets the attacker circumvent the intended security controls, potentially leading to unauthorized actions performed on behalf of the user.

Recommendations

For Mozilla Firefox versions prior to 37.0, update to version 37.0 or later to resolve the issue.
For Mozilla Firefox ESR versions prior to 31.6, update to version 31.6 or later to resolve the issue.
For Thunderbird versions prior to 31.6, update to version 31.6 or later to resolve the issue.
As a temporary workaround, consider disabling the navigator.sendBeacon function until a patch is available.
Restrict access to sensitive resources to minimize the risk of exploitation.
Avoid using the navigator.sendBeacon function in scenarios where CORS checks are crucial until the issue is resolved.
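The advisory's point for server operators is that a browser-side CORS check is not a CSRF defence: a sendBeacon request is a credentialed cross-site POST, and in the affected versions a 30x redirect let it reach a target the browser should have refused. The example below, added here and not code from the advisory or from Mozilla, shows the server-side check a state-changing endpoint should apply regardless of browser behaviour: the asserted Origin (or Referer) must be the application's own origin, and the request must carry the anti-CSRF token bound to the session. SITE_ORIGIN, the request shapes and the token values are assumptions constructed for the example.

```python
"""Server-side CSRF check for endpoints that may receive cross-site POSTs
such as those produced by navigator.sendBeacon (added example; the
application origin, headers and tokens below are constructed)."""
import hmac
from urllib.parse import urlsplit

# Assumed origin of the protected application.
SITE_ORIGIN = "https://app.example"
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def request_origin(headers):
    """Origin the browser asserts for the request: the Origin header, or the
    scheme+host of Referer when Origin is absent. None when neither exists."""
    origin = headers.get("Origin")
    if origin:
        return origin.strip().lower()
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}".lower()
    return None


def is_csrf_safe(method, headers, form_token, session_token):
    """Return (allowed, reason). A state-changing request is accepted only if
    it comes from our own origin AND carries the session's anti-CSRF token.
    Nothing about the request's Content-Type or the absence of a CORS
    preflight is trusted, since the vulnerable sendBeacon path delivered a
    cross-site POST that never went through the expected CORS check."""
    if method.upper() not in STATE_CHANGING_METHODS:
        return True, "safe method"
    origin = request_origin(headers)
    if origin is None:
        return False, "no Origin/Referer on state-changing request"
    if origin != SITE_ORIGIN:
        return False, f"cross-site origin {origin}"
    if not session_token or not form_token:
        return False, "missing CSRF token"
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(form_token, session_token):
        return False, "mismatched CSRF token"
    return True, "ok"


# Constructed sample requests, as a real handler would see them.
SAMPLE_REQUESTS = {
    "same_origin_form": ("POST", {"Origin": "https://app.example",
                                   "Content-Type": "application/x-www-form-urlencoded"},
                          "tok-1234", "tok-1234"),
    # A beacon-style POST arriving from another site: text/plain body,
    # cookies attached by the browser, no preflight ever happened.
    "cross_site_beacon": ("POST", {"Origin": "https://attacker.example",
                                    "Content-Type": "text/plain"},
                           None, "tok-1234"),
    "referer_only_valid_token": ("POST", {"Referer": "https://app.example/settings"},
                                  "tok-1234", "tok-1234"),
    "referer_only_bad_token": ("POST", {"Referer": "https://app.example/settings"},
                                "tok-9999", "tok-1234"),
    "no_origin_at_all": ("POST", {}, "tok-1234", "tok-1234"),
    "plain_get": ("GET", {}, None, None),
}


def check_samples():
    """Evaluate every constructed request; returns {name: allowed}."""
    return {name: is_csrf_safe(*req)[0] for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, (method, headers, form_token, session_token) in SAMPLE_REQUESTS.items():
        allowed, reason = is_csrf_safe(method, headers, form_token, session_token)
        print(f"{name:26s} {'ALLOW' if allowed else 'DENY ':5s} {reason}")
```

The check rejects the cross-site beacon on its Origin alone, so the token comparison is never reached for it; the token still matters for the case where an origin header is absent or spoofed by a non-browser client, which is why both conditions are required rather than either one.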

Exploit · Fix · CSRF


Weakness Enumeration

Related Identifiers

ALT-PU-2015-1374
ALT-PU-2015-1464
ALT-PU-2015-1584
BDU:2015-09893
BDU:2015-09894
BDU:2015-09895
CESA-2015_0766
CESA-2015_0771
CVE-2015-0807
DSA-3211-1
DSA-3212-1
MGASA-2015-0131
MGASA-2015-0342
OPENSUSE-SU-2015_0677-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1
RHSA-2015:0766
RHSA-2015:0771
RHSA-2015_0766
RHSA-2015_0771
SUSE-SU-2015:0704-1
SUSE-SU-2015:0704-2
USN-2550-1
USN-2552-1

Affected Products

Alt Linux
CentOS
Firefox
Firefox ESR
Red Hat
SUSE
Thunderbird
Ubuntu