Mozilla Thunderbird CVE-2015-0807 Cross Site Request Forgery Vulnerability

description-logoDescription

Mozilla developer Christoph Kerschbaumer discovered an issue while investigating Mozilla Foundation Security Advisory 2015-03, previously reported by security researcher Muneaki Nishimura. This flaw was that a cross-origin resource sharing (CORS) request should not follow 30x redirections after preflight according to the specification. This only affects sendBeacon() requests but could allow for a potential Cross-site request forgery (XSRF) attack from malicious websites.

affected-products-logoAffected Applications

Thunderbird

CVE References

CVE-2015-0807