Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Mozilla

Submission + - Firefox javascript/cookie vulnerability uncovered

mybecq writes: Michal Zalewski has uncovered and disclosed a serious vulnerability (BugZilla: https://bugzilla.mozilla.org/show_bug.cgi?id=37044 5) in Mozilla Firefox 2.0.0.1, whereby a javascript string containing '\x00' (escaped NUL character) can cause Firefox to allow malicious sites to manipulate cookies for third-party webpages.

A demonstration of the vulnerability is available. The vulnerability requires javascript and session cookies to be enabled to be able to be exploited.

"Everyone is entitled to an *informed* opinion." -- Harlan Ellison

Working...