CVE-2009-0357

2009-02-04T14:30:00
ID CVE-2009-0357
Type cve
Reporter NVD
Modified 2017-09-28T21:33:46

Description

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.