Firefox vulnerability leaves cookies exposed

By Justin Mann on February 14, 2007, 8:55 PM
A vulnerability relating to cookie management has been discovered in Firefox. While not a critical flaw in terms of immediate impact, it is dangerous in that it could lead to spoofing or the compromise of data such as usernames. A malicious site could potentially trick a user:

By injecting a text string that includes "\x00," normal safeguards can be bypassed, allowing the browser to be fooled about the origin of a domain trying to set or modify a cookie. The sleight of hand makes a victim's browser appear to be talking to trustedbank.com when in fact it is receiving data from evilhackers.com.
It affects versions up to 2.0.0.1, and the linked article contains demonstrations. It has already been reported in Bugzilla, and hopefully the Mozilla dev team will release a patch soon.
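
The class of flaw described above, as an added example that is not Firefox code or taken from the linked article: a domain check that looks at the whole string can disagree with a lower layer that stops reading at the first NUL byte. The function names and the sample hostname are constructed for illustration, and the truncating lower layer is an assumption used to model the mismatch.

```javascript
// Constructed illustration of the bug class; not Firefox source code.

// Naive safeguard: length-aware suffix check on the full string.
function naiveSameSite(hostname, trustedDomain) {
  return hostname === trustedDomain || hostname.endsWith("." + trustedDomain);
}

// Assumption: models a lower layer (for example a C-string API)
// that stops reading at the first NUL byte.
function asCString(hostname) {
  const nul = hostname.indexOf("\x00");
  return nul === -1 ? hostname : hostname.slice(0, nul);
}

// Hardened check: accept only plain DNS labels (letters, digits, hyphens),
// so NUL and other control characters are rejected before any comparison.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;
function strictSameSite(hostname, trustedDomain) {
  const host = hostname.toLowerCase();
  if (host.length === 0 || host.length > 253) return false;
  if (!host.split(".").every((label) => LABEL.test(label))) return false;
  return host === trustedDomain || host.endsWith("." + trustedDomain);
}

// Reports how each check treats a hostname and whether the two layers
// would disagree about which host is actually being named.
function audit(hostname, trustedDomain) {
  const seenBelow = asCString(hostname);
  return {
    naiveAccepts: naiveSameSite(hostname, trustedDomain),
    strictAccepts: strictSameSite(hostname, trustedDomain),
    lowerLayerSees: seenBelow,
    differential: seenBelow !== hostname,
  };
}

// Constructed sample inputs, using the domain names from the article.
const SAMPLES = ["www.trustedbank.com", "evilhackers.com\x00.trustedbank.com"];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), audit(s, "trustedbank.com"));
}
```

The second sample passes the naive check while the lower layer sees only evilhackers.com; the strict check rejects it outright.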




User Comments: 3

canadian said:
Do news items like this mean Firefox is horrible because of all these security holes, or it's great because whenever a hole is found, it makes the news?
kitty500cat said:
In the related stories, it says flaws discovered in IE. No joke. Firefox is still more secure, I guess, maybe cuz it's slightly less used and thus less targeted.
Soul Harvester said:
Originally posted by canadian: "Do news items like this mean Firefox is horrible because of all these security holes, or it's great because whenever a hole is found, it makes the news?"
It's called coverage. With the millions upon millions of Firefox users, do you think all of them have a newsletter subscription that alerts them when they should update, or that every single FF user has automated updating turned on? People like to hear about these things because it keeps them informed to something very relevant to a typical desktop user. If there is a flaw found in Opera, IE, Firefox, Konqueror, Safari or any other browser worthy of note that could leave data vulnerable, we'll talk about it.