Firefox vulnerability leaves cookies exposed

By Justin Mann on
A vulnerability relating to cookie management has been discovered in Firefox. While not a critical flaw in terms of immediate impact, it is dangerous in that it could lead to spoofing or to the compromise of data such as usernames. A malicious site could trick a user:

By injecting a text string that includes "\x00", normal safeguards can be bypassed, allowing the browser to be fooled about the origin of a domain trying to set or modify a cookie. The sleight of hand makes a victim's browser appear to be talking to trustedbank.com when in fact it is receiving data from evilhackers.com.
The flaw affects versions up to 2.0.0.1, and the linked article contains demonstrations. It has already been reported in Bugzilla, and hopefully the Mozilla dev team will release a patch soon.
