Bug 913066 (CVE-2014-8639)

Summary: VUL-0: CVE-2014-8639: MozillaFirefox: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)
Product: [Novell Products] SUSE Security Incidents Reporter: Victor Pereira <vpereira>
Component: IncidentsAssignee: Petr Cerny <pcerny>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/112327/
Whiteboard: maint:released:sle10-sp3:60233 maint:released:sle11-sp3:60400
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 910669    
Bug Blocks:    

Description Victor Pereira 2015-01-14 10:32:07 UTC
CVE-2014-8639

Security researcher Xiaofeng Zheng of the Blue Lotus Team at Tsinghua University reported reported that a Web Proxy returning a 407 Proxy Authentication response with a Set-Cookie header could inject cookies into the originally requested domain. This could be used for session-fixation attacks. This attack only allows cookies to be written but does not allow them to be read.

In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts.


References:
http://www.mozilla.org/security/announce/2015/mfsa2015-04.html
https://bugzilla.redhat.com/show_bug.cgi?id=1180967
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8639
https://rhn.redhat.com/errata/RHSA-2015-0047.html
https://rhn.redhat.com/errata/RHSA-2015-0046.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639
Comment 1 Swamp Workflow Management 2015-01-14 23:01:53 UTC
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2015-01-15 10:15:38 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-01-22.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60231
Comment 3 Swamp Workflow Management 2015-01-31 00:10:00 UTC
SUSE-SU-2015:0180-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 910647,910669,913064,913066,913067,913068,913102,913103,913104
CVE References: CVE-2014-1569,CVE-2014-8634,CVE-2014-8636,CVE-2014-8637,CVE-2014-8638,CVE-2014-8639,CVE-2014-8640,CVE-2014-8641
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Server 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Desktop 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
Comment 4 Marcus Meissner 2015-02-02 14:18:55 UTC
released