Cookie protection bypass in Mozilla - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Cookie protection bypass in Mozilla
Published: 24.07.2002
Source: BUGTRAQ
SecurityVulns ID: 2177
Type: client
Level: 5/10
Description: It's possible to obtain cookie by spoofing valid hostname in javascript: URL. For example f.location = "javascript://www.google.com/\n"+ "'<body onload=alert(document.cookie)>'";

Affected: MOZILLA : Mozilla 1.1

Original document Andreas Sandblad, Mozilla cookie stealing - Sandblad advisory #9 (24.07.2002)

Discuss: Read or add your comments to this news (0 comments)