suse · CVE-2014-8639

Quick triage

Priority: medium Published: 2021-05-30 13:24:14 UTC Updated: 2026-04-18 18:32:46 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2014-8639 severity moderate: SUSE including 149 source package names (MozillaFirefox, MozillaFirefox-102.11.0-150200.152.87.1, …), 319 product×package rows across 81 product lines (Image SLES12-SP5-Azure-BYOS, Image SLES12-SP5-Azure-Basic-On-Demand, … (81 product lines)): Fixed 288, Known Not Affected 31.

Description:

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.

cvelogic Threat Intelligence