Mozilla / Mozilla Firefox Cross-Domain Cookie Injection Vulnerability - Advisories

Mozilla / Mozilla Firefox Cross-Domain Cookie Injection Vulnerability

Secunia Advisory:	SA12580
Release Date:	2004-09-18
Last Update:	2008-01-15

Critical:	Less critical
Impact:	Hijacking
Where:	From remote
Solution Status:	Vendor Workaround

Software:	Mozilla 0.x Mozilla 1.0 Mozilla 1.1 Mozilla 1.2 Mozilla 1.3 Mozilla 1.4 Mozilla 1.5 Mozilla 1.6 Mozilla 1.7.x Mozilla Firefox 0.x Mozilla Firefox 1.x Mozilla Firefox 2.0.x

CVE reference:	CVE-2004-0867 (Secunia mirror)



Description: WESTPOINT has reported a vulnerability in Mozilla / Mozilla Firefox, which potentially can be exploited by malicious people to conduct session fixation attacks. For more information: SA12341 Solution: Do not follow untrusted links. Fixed in CVS repository. https://bugzilla.mozilla.org/attachment.cgi?id=288748 Changelog: 2004-12-10: Added Mozilla Firefox 1.0 as affected software. 2005-05-30: Added Mozilla Firefox 2.0.x as affected software. 2008-01-15: Updated "Solution" section. Original Advisory: http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt Other References: SA12341: http://secunia.com/advisories/12341/ Mozilla Bugzilla reference: http://bugzilla.mozilla.org/show_bug.cgi?id=252342



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

104 Related Secunia Security Advisories, displaying 10

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	OpenBSD BIND Query Port DNS Cache Poisoning

2.	Drupal Session Fixation Vulnerability

3.	Linux Kernel LDT Buffer Size Handling Vulnerability

4.	Red Hat update for kernel

5.	dnsmasq Denial of Service and DNS Cache Poisoning

6.	Apple Safari Cross-Domain Cookie Injection Vulnerability

7.	YouTube Blog Multiple Vulnerabilities

8.	Debian update for clamav

9.	Red Hat update for thunderbird

10.	Ubuntu update for php