Firefox hands out cookies from strangers

Firefox suffers from a flaw that allows attackers to manipulate the authentication cookies of virtually any website, a vulnerability Bugzilla has deemed severe. It"s the second major security lapse for the open-source browser in as many days.

The defect, which stems from the way Firefox writes to the "location.hostname" property of the document object model, can be exploited by a specially doctored script that sets variables that normally wouldn"t be accepted when parsing a regular URL, according to researcher Michal Zalewski, who uncovered Monday"s vulnerability as well.

View: The full story
News source: The Reg

Report a problem with article
Next Article

IBM's New eDRAM to Boost Microprocessor's Performance

Previous Article

Study: DRM Loses Hearts and Minds