CVE-2004-0867

Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.0.5b:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*

History

20 Nov 2024, 23:49

Type Values Removed Values Added
References () http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html - () http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html -
References () http://marc.info/?l=bugtraq&m=109536612321898&w=2 - () http://marc.info/?l=bugtraq&m=109536612321898&w=2 -
References () http://secunia.com/advisories/12580/ - () http://secunia.com/advisories/12580/ -
References () http://securitytracker.com/id?1011331 - () http://securitytracker.com/id?1011331 -
References () http://www.securityfocus.com/bid/11186 - Vendor Advisory () http://www.securityfocus.com/bid/11186 - Vendor Advisory
References () https://bugzilla.mozilla.org/show_bug.cgi?id=252342 - () https://bugzilla.mozilla.org/show_bug.cgi?id=252342 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 -

23 Jul 2021, 12:55

Type Values Removed Values Added
CPE cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

Information

Published : 2004-12-23 05:00

Updated : 2024-11-20 23:49


NVD link : CVE-2004-0867

Mitre link : CVE-2004-0867

CVE.ORG link : CVE-2004-0867


JSON object : View

Products Affected

suse

  • suse_linux

mozilla

  • firefox

microsoft

  • internet_explorer
  • ie

kde

  • konqueror
CWE
CWE-264

Permissions, Privileges, and Access Controls