Netscape/Mozilla Null Character Cookie Stealing Vulnerability

Mozilla is a popular, freely available, open-source web browser. It runs on most Linux and Unix variants, as well as MacOS and Microsoft Windows 9x/ME/NT/2000/XP operating systems. Netscape is another popular web-browser product which runs on the same platforms as Mozilla.

An issue has been discovered in Mozilla and Netscape which may allow an attacker to steal cookie-based authentication credentials from a user of a vulnerable web browser. The problem is in the handling of NULL (%00) characters in URLs.

This issue may only be exploited to steal cookies set for a domain, as opposed to cookies set for a specific host in that domain. Cookies set with the secure flag can be stolen if the attacker uses SSL.


Privacy Statement
Copyright 2010, SecurityFocus