Session Fixation Vulnerability in Mozilla Firefox Web Browser
CVE-2004-0867

Currently unrated

Key Information:

Vendor: Kde
Status: Konqueror; Ie; Firefox; Internet Explorer
Vendor: CVE Published:; 23 December 2004

What is CVE-2004-0867?

Mozilla Firefox versions 0.9.2 and later (including 2.x) have a vulnerability that permits websites to set cookies for country-specific top-level domains such as .ltd.uk or .plc.uk. This flaw could allow remote attackers to manipulate a user's HTTP session through session fixation attacks, leading to potential session hijacking and unauthorized access to sensitive information.

References

http://marc.info/?l=bugtraq&m=109536612321898&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/12580/

third-party-advisoryx_refsource_SECUNIA

http://securitytracker.com/id?1011331

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2004
Vulnerability Reserved
Sep 14, 2004

CVE-2004-0867 Data

JSON

Kde

What is CVE-2004-0867?

References

Timeline