Lucene search
Mozilla FoundationMFSA2011-24HistoryJun 21, 2011 - 12:00 a.m.
Cookie isolation error — Mozilla
2011-06-2100:00:00
Mozilla Foundation
www.mozilla.org
7
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
72.1%
Mozilla security researcher David Chan reported that cookies set for example.com. (note the trailing dot) and example.com were treated as interchangeable. This is a violation of same-origin conventions and could potentially lead to leakage of cookie data to the wrong party.
Affected configurations
Node
mozillafirefoxRange<3.6.18
ORmozillathunderbirdRange<3.1.11
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 3.6.18 | |
| thunderbird | lt | 3.1.11 |
Related
veracode
veracode
Same-Origin Policy Bypass
2020-04-10 00:58:20
nvd
nvd
CVE-2011-2362
2011-06-30 16:55:05
seebug
seebug
Mozilla Firefox/Thunderbird/SeaMonkey Cookie跨域信息泄露漏洞
2011-06-25 00:00:00
ubuntucve
ubuntucve
CVE-2011-2362
2011-06-24 00:00:00
prion
prion
Design/Logic Flaw
2011-06-30 16:55:00
cvelist
cvelist
CVE-2011-2362
2011-06-30 16:00:00
cve
cve
CVE-2011-2362
2011-06-30 16:55:05
openvas
openvas
Mozilla Products Multiple Vulnerabilities July-11 (Windows)
2011-07-07 00:00:00
Mozilla Products Multiple Vulnerabilities (Jul 2011) - Windows
2011-07-07 00:00:00
Debian Security Advisory DSA 2269-1 (iceape)
2011-08-03 00:00:00
osv
osv
icedove - multiple issues
2011-07-06 00:00:00
iceape - several
2011-07-01 00:00:00
iceweasel - several
2011-07-01 00:00:00
debian
debian
[BSA-040] Security Update for iceweasel
2011-07-04 07:11:09
[SECURITY] [DSA 2269-1] iceape security update
2011-07-01 20:16:48
[SECURITY] [DSA 2268-1] iceweasel security update
2011-07-01 19:32:42
nessus
nessus
Debian DSA-2269-1 : iceape - several vulnerabilities
2011-07-05 00:00:00
Debian DSA-2268-1 : iceweasel - several vulnerabilities
2011-07-05 00:00:00
Debian DSA-2273-1 : icedove - several vulnerabilities
2011-07-07 00:00:00
suse
suse
MozillaThunderbird: Update to Thunderbird 3.1.11 (important)
2011-06-30 21:08:16
Security update for Mozilla Firefox (important)
2011-06-30 23:08:22
remote code execution in MozillaFirefox,MozillaThunderbird
2011-07-05 17:43:33
ubuntu
ubuntu
Firefox regression
2011-06-29 00:00:00
Thunderbird vulnerabilities
2011-07-15 00:00:00
Firefox and Xulrunner vulnerabilities
2011-06-22 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2011-06-21 00:00:00
seamonkey security update
2011-06-21 00:00:00
thunderbird security update
2011-06-21 00:00:00
redhat
redhat
(RHSA-2011:0886) Critical: thunderbird security update
2011-06-21 00:00:00
(RHSA-2011:0888) Critical: seamonkey security update
2011-06-21 00:00:00
(RHSA-2011:0887) Critical: thunderbird security update
2011-06-21 00:00:00
centos
centos
seamonkey security update
2011-08-14 21:51:22
firefox, xulrunner security update
2011-06-22 23:42:39
thunderbird security update
2011-06-22 23:49:49
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-06-23 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
72.1%
Related for MFSA2011-24