Follow Slashdot stories on Twitter


Forgot your password?
Slashdot Deals: Cyber Monday Sale! Courses ranging from coding to project management - all eLearning deals 25% off with coupon code "CYBERMONDAY25". ×

Submission + - Firefox javascript/cookie vulnerability uncovered

mybecq writes: Michal Zalewski has uncovered and disclosed a serious vulnerability (BugZilla: 5) in Mozilla Firefox, whereby a javascript string containing '\x00' (escaped NUL character) can cause Firefox to allow malicious sites to manipulate cookies for third-party webpages.

A demonstration of the vulnerability is available. The vulnerability requires javascript and session cookies to be enabled to be able to be exploited.

All Finagle Laws may be bypassed by learning the simple art of doing without thinking.