[Dshield] Browser vulnerability: Mozilla Cookie Path Restrictions Can Be Bypassed By Remote Servers

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Fri Mar 12 11:35:04 GMT 2004


FYI-

Mozilla Cookie Path Restrictions Can Be Bypassed By Remote Servers

Description:  A vulnerability was reported in Mozilla in the processing
of cookies. A remote user may be able to bypass the path restrictions
specified by a cookie's originator. Several other browsers are also
affected.

http://www.securitytracker.com/alerts/2004/Mar/1009364.html

The affected vendors were reportedly notified between July 12 and July
18, 2003.

Impact:  A remote server application can obtain cookies from the target
user's browser for the same domain but regardless of the path
restrictions.
 
Solution:  No solution has been publicly disclosed at the time of this
entry.
 
Vendor URL:  www.mozilla.org/

Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)


- Pete


         "Delay not; swift the flight of fortune's greatest favours."
       Seneca (5 BC-65 AD); Roman dramatist, philosopher, & politician.




