QwikSec

Security Database

CVE

CWE

Training

CVE-2004-0867

Published: Sep 24, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_SECTRACK

web-browser-session-hijack(17415)

vdb-entry

x_refsource_XF

https://bugzilla.mozilla.org/show_bug.cgi?id=252342

x_refsource_CONFIRM

http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html

x_refsource_MISC

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2004-0867 - Security Vulnerability | QwikSec