Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2013-06-26T01:00:00
Updated: 2024-08-06T15:13:31.648Z
Reserved: 2013-02-13T00:00:00
Link: CVE-2013-1692
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-06-26T03:19:10.810
Modified: 2017-09-19T01:36:11.030
Link: CVE-2013-1692
Redhat