Cross-domain Cookie Access Vulnerability in Netscape Navigator and Mozilla
CVE-2003-1492

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Navigator
Vendor: CVE Published:; 31 December 2003

Summary

The vulnerability in Netscape Navigator 7.0.2 and Mozilla allows remote attackers to exploit a flaw in HTTP requests, enabling them to gain unauthorized access to cookie information across different domains. This is achieved by manipulating the URL to include an extra dot at the end of the domain, thus tricking the browser into disclosing sensitive cookie data to an unauthorized source. As a result, this can lead to potential data theft or session hijacking, emphasizing the importance of secure cookie management and cross-origin resource sharing policies.

References

http://www.securityfocus.com/archive/1/319919

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/7456

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/11924

vdb-entryx_refsource_XF

Timeline

Vulnerability Reserved
Oct 24, 2007
Vulnerability published
Dec 31, 2003