CVE-2008-7293

2011-08-0900:00:00

ubuntu.com

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.003 Low

EPSS

Percentile

66.4%

JSON

Mozilla Firefox before 4 cannot properly restrict modifications to cookies
established in HTTPS sessions, which allows man-in-the-middle attackers to
overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP
response, related to lack of the HTTP Strict Transport Security (HSTS)
includeSubDomains feature, aka a “cookie forcing” issue.

Bugs

<https://bugzilla.mozilla.org/show_bug.cgi?id=660053>

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchfirefox< 3.6.23+build1+nobinonly-0ubuntu0.10.04.1UNKNOWN
ubuntu10.10noarchfirefox< 3.6.23+build1+nobinonly-0ubuntu0.10.04.1UNKNOWN
ubuntu8.04noarchfirefox-3.0< 3.6.17+build3+nobinonly-0ubuntu0.8.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	firefox	< 3.6.23+build1+nobinonly-0ubuntu0.10.04.1	UNKNOWN
ubuntu	10.10	noarch	firefox	< 3.6.23+build1+nobinonly-0ubuntu0.10.04.1	UNKNOWN
ubuntu	8.04	noarch	firefox-3.0	< 3.6.17+build3+nobinonly-0ubuntu0.8.04.1	UNKNOWN