Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Mozilla

Submission + - Firefox javascript/cookie vulnerability uncovered

mybecq writes: Michal Zalewski has uncovered and disclosed a serious vulnerability (BugZilla: https://bugzilla.mozilla.org/show_bug.cgi?id=37044 5) in Mozilla Firefox 2.0.0.1, whereby a javascript string containing '\x00' (escaped NUL character) can cause Firefox to allow malicious sites to manipulate cookies for third-party webpages.

A demonstration of the vulnerability is available. The vulnerability requires javascript and session cookies to be enabled to be able to be exploited.

1000 pains = 1 Megahertz

Working...