Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×
Mozilla

Submission + - Firefox javascript/cookie vulnerability uncovered

mybecq writes: Michal Zalewski has uncovered and disclosed a serious vulnerability (BugZilla: https://bugzilla.mozilla.org/show_bug.cgi?id=37044 5) in Mozilla Firefox 2.0.0.1, whereby a javascript string containing '\x00' (escaped NUL character) can cause Firefox to allow malicious sites to manipulate cookies for third-party webpages.

A demonstration of the vulnerability is available. The vulnerability requires javascript and session cookies to be enabled to be able to be exploited.

"More software projects have gone awry for lack of calendar time than for all other causes combined." -- Fred Brooks, Jr., _The Mythical Man Month_

Working...