CVE-2005-4685

Priority
Description
Firefox and Mozilla can associate a cookie with multiple domains when the
DNS resolver has a non-root domain in its search list, which allows remote
attackers to trick a user into accepting a cookie for a hostname formed via
search-list expansion of the hostname entered by the user, or steal a
cookie for an expanded hostname, as demonstrated by an attacker who
operates an ap1.com Internet web site to steal cookies associated with an
ap1.com.example.com intranet web site.
Notes
Package
Upstream:needs-triage
More Information

Updated: 2020-01-29 19:11:17 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)