Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Submission + - Firefox javascript/cookie vulnerability uncovered

mybecq writes: Michal Zalewski has uncovered and disclosed a serious vulnerability (BugZilla: 5) in Mozilla Firefox, whereby a javascript string containing '\x00' (escaped NUL character) can cause Firefox to allow malicious sites to manipulate cookies for third-party webpages.

A demonstration of the vulnerability is available. The vulnerability requires javascript and session cookies to be enabled to be able to be exploited.

A method of solution is perfect if we can forsee from the start, and even prove, that following that method we shall attain our aim. -- Leibnitz