Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2004-12-23 05:00
Updated : 2024-02-28 10:24
NVD link : CVE-2004-0867
Mitre link : CVE-2004-0867
CVE.ORG link : CVE-2004-0867
JSON object : View
Products Affected
microsoft
- internet_explorer
- ie
mozilla
- firefox
kde
- konqueror
suse
- suse_linux
CWE
CWE-264
Permissions, Privileges, and Access Controls