Session Fixation Vulnerability in Mozilla Firefox 0.9.2 and 2.x

Session Fixation Vulnerability in Mozilla Firefox 0.9.2 and 2.x

CVE-2004-0867 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.

Learn more about our Web App Pen Testing.