CVE-2009-0357

2009-02-04T19:30:00
ID CVE-2009-0357
Type cve
Reporter cve@mitre.org
Modified 2017-09-29T01:33:00

Description

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.