Mozilla Firefox <= 2.0.0.1 (location.hostname) Cross-Domain Vulnerability

No description provided by source. !-- Mozilla Firefox 'location.hostname' Cross-Domain Vulnerability Software : Mozilla Firefox version 2.0.0.1 and prior CVE reference : CVE-2007-0981 Impact : Security Bypass Risk : Moderate Discovered by : Michal Zalewski http://lcamtuf.coredump.cx/ Advisory Da...

Mozilla Firefox 2.0.0.1 - &#039;location.hostname&#039; Cross-Domain

Options - Privacy - Show Cookies for login.live.com Gorn, gorn.supportgmailcom 2007-02-19 16:00 -- var mydomain = '127.0.0.1'; var varcook = 'MSPPre=firefoxvulnerabilitytest'; var domcook = 'login.live.com'; if location.hostname == mydomain...

CVE-2007-0981

CVE-2007-0981 affects Mozilla-based browsers (Firefox up to 1.5.0.10 and 2.x up to 2.0.0.2; SeaMonkey up to 1.0.8). The root cause is a handling flaw when location.hostname is modified via a URI containing a null byte, interacting with DNS resolver code, which can bypass the same-origin policy an...