Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
20 Nov 2024, 23:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html - | |
References | () http://marc.info/?l=bugtraq&m=109536612321898&w=2 - | |
References | () http://secunia.com/advisories/12580/ - | |
References | () http://securitytracker.com/id?1011331 - | |
References | () http://www.securityfocus.com/bid/11186 - Vendor Advisory | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=252342 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 - |
23 Jul 2021, 12:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* |
Information
Published : 2004-12-23 05:00
Updated : 2024-11-20 23:49
NVD link : CVE-2004-0867
Mitre link : CVE-2004-0867
CVE.ORG link : CVE-2004-0867
JSON object : View
Products Affected
suse
- suse_linux
mozilla
- firefox
microsoft
- internet_explorer
- ie
kde
- konqueror
CWE
CWE-264
Permissions, Privileges, and Access Controls