Bug 913068 (CVE-2014-8638)

Summary: VUL-0: CVE-2014-8638: MozillaFirefox: sendBeacon requests lack an Origin header (MFSA 2015-03)
Product: [Novell Products] SUSE Security Incidents Reporter: Victor Pereira <vpereira>
Component: IncidentsAssignee: Petr Cerny <pcerny>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/112326/
Whiteboard: maint:released:sle10-sp3:60233 maint:released:sle11-sp3:60400
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 910669, 925398    
Bug Blocks:    

Description Victor Pereira 2015-01-14 10:35:17 UTC 
CVE-2014-8638

Security researcher Muneaki Nishimura reported that navigator.sendBeacon() does not follow the cross-origin resource sharing (CORS) specification. This results in the request from sendBeacon() lacking an origin header in violation of the W3C Beacon specification and not being treated as a CORS request. This allows for a potential Cross-site request forgery (XSRF) attack from malicious websites.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.



References:
http://www.mozilla.org/security/announce/2015/mfsa2015-03.html
https://bugzilla.redhat.com/show_bug.cgi?id=1180966
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8638
https://rhn.redhat.com/errata/RHSA-2015-0047.html
https://rhn.redhat.com/errata/RHSA-2015-0046.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638
Comment 1 Swamp Workflow Management 2015-01-14 23:02:13 UTC 
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2015-01-15 10:15:09 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-01-22.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60231
Comment 3 Swamp Workflow Management 2015-01-31 00:10:19 UTC 
SUSE-SU-2015:0180-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 910647,910669,913064,913066,913067,913068,913102,913103,913104
CVE References: CVE-2014-1569,CVE-2014-8634,CVE-2014-8636,CVE-2014-8637,CVE-2014-8638,CVE-2014-8639,CVE-2014-8640,CVE-2014-8641
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Server 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Desktop 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
Comment 4 Marcus Meissner 2015-02-02 14:19:07 UTC 
released