CRLF Injection Vulnerability in nsCookieService::SetCookieStringInternal Function

CRLF Injection Vulnerability in nsCookieService::SetCookieStringInternal Function

CVE-2011-2605 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.