Submission + - Firefox javascript/cookie vulnerability uncovered
mybecq writes: Michal Zalewski has uncovered and disclosed a serious vulnerability (BugZilla: https://bugzilla.mozilla.org/show_bug.cgi?id=37044 5) in Mozilla Firefox 2.0.0.1, whereby a javascript string containing '\x00' (escaped NUL character) can cause Firefox to allow malicious sites to manipulate cookies for third-party webpages.
A demonstration of the vulnerability is available. The vulnerability requires javascript and session cookies to be enabled to be able to be exploited.
A demonstration of the vulnerability is available. The vulnerability requires javascript and session cookies to be enabled to be able to be exploited.