Mozilla Foundation Security Advisory 2008-63

Type securityvulns
Reporter Securityvulns
Modified 2008-12-18T00:00:00


Mozilla Foundation Security Advisory 2008-63

Title: User tracking via XUL persist attribute Impact: Low Announced: December 16, 2008 Reporter: Hish Products: Firefox

Fixed in: Firefox 3.0.5 Description

Security researcher Hish reported that the persist attribute in XUL elements can be used to store cookie-like information on a user's computer which could later be read by a website. This creates a privacy issue for users who have a non-standard cookie preference and wish to prevent sites from setting cookies on their machine. Even with cookies turned off, this issue could be used by a website to write persistent data in a user's browser and track the user across browsing sessions. Additionally, this issue could allow a website to bypass the limits normally placed on cookie size and number. References

* CVE-2008-5505