CVE-2014-8639

Currently unrated

Key Information:

Vendor: Mozilla
Status: Seamonkey
Vendor: CVE Published:; 14 January 2015

Summary

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.

References

http://rhn.redhat.com/errata/RHSA-2015-0046.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/62242

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id/1031533

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jan 14, 2015
Vulnerability Reserved
Nov 6, 2014