2 matches found
CVE-2011-2605
CVE-2011-2605 is a CRLF-injection issue in Firefox/Thunderbird: nsCookieService::SetCookieStringInternal mishandles a newline in document.cookie, bypassing access restrictions. Affected: Mozilla Firefox before 3.6.18 and 4.x through 4.0.1; Thunderbird before 3.1.11. Outcome: potential cookie isol...
Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing...