Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Mozilla

+ - Firefox javascript/cookie vulnerability uncovered

Submitted by mybecq
mybecq (131456) writes "Michal Zalewski has uncovered and disclosed a serious vulnerability (BugZilla: https://bugzilla.mozilla.org/show_bug.cgi?id=37044 5) in Mozilla Firefox 2.0.0.1, whereby a javascript string containing '\x00' (escaped NUL character) can cause Firefox to allow malicious sites to manipulate cookies for third-party webpages.

A demonstration of the vulnerability is available. The vulnerability requires javascript and session cookies to be enabled to be able to be exploited."

Time to take stock. Go home with some office supplies.

Working...