VYPR
Unrated severityNVD Advisory· Published Jan 14, 2015· Updated Jun 17, 2026

CVE-2014-8639

CVE-2014-8639

Description

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

14

Patches

Vulnerability mechanics

References

39

News mentions

0

No linked articles in our index yet.