CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
65.2%
Mozilla Firefox allows for cookies to be set with a null domain (aka
“domainless cookies”), which allows remote attackers to pass information
between arbitrary domains and track user activity, as demonstrated by the
domain attribute in the document.cookie variable in a javascript: window.
Author | Note |
---|---|
mdeslaur | upstream couldn’t reproduce |