Firefox hands out cookies from strangers

Firefox suffers from a flaw that allows attackers to manipulate the authentication cookies of virtually any website, a vulnerability Bugzilla has deemed severe. It's the second major security lapse for the open-source browser in as many days.

The defect, which stems from the way Firefox writes to the "location.hostname" property of the document object model, can be exploited by a specially doctored script that sets variables that normally wouldn't be accepted when parsing a regular URL, according to researcher Michal Zalewski, who uncovered Monday's vulnerability as well.

View: The full story
News source: The Reg

Report a problem with article
Previous Story

Study: DRM Loses Hearts and Minds

Next Story

IBM's New eDRAM to Boost Microprocessor's Performance

31 Comments - Add comment