Mozilla Firefox Document.Cookie Path Argument Denial of Service Vulnerability
BID:22879
Info
| Bugtraq ID: | 22879 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-1362 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 08 2007 12:00AM |
| Updated: | Sep 05 2007 05:11PM |
| Credit: | Nicolas Derouet is credited with discovering this vulnerability. |
| Vulnerable: | Redhat Enterprise Linux WS 4; Redhat Enterprise Linux WS 3; Redhat Enterprise Linux WS 2.1 IA64; Redhat Enterprise Linux WS 2.1; Redhat Enterprise Linux Optional Productivity Application 5 server; Redhat Enterprise Linux ES 4; Redhat Enterprise Linux ES 3; Redhat Enterprise Linux ES 2.1 IA64; Redhat Enterprise Linux ES 2.1; Redhat Enterprise Linux Desktop Workstation 5 client; Redhat Enterprise Linux Desktop 5 client; Redhat Enterprise Linux AS 4; Redhat Enterprise Linux AS 3; Redhat Enterprise Linux AS 2.1 IA64; Redhat Enterprise Linux AS 2.1; Redhat Enterprise Linux Desktop version 4; Redhat Enterprise Linux 5 Server; Redhat Desktop 4.0; Redhat Desktop 3.0; Redhat Advanced Workstation for the Itanium Processor 2.1; Mozilla Firefox 2.0.0.2; HP HP-UX B.11.23; HP HP-UX B.11.11 |
| Not Vulnerable: | Mozilla SeaMonkey 1.1.2; Mozilla SeaMonkey 1.0.9; Mozilla Firefox 2.0 .4; Mozilla Firefox 1.5 12 |
Discussion
Mozilla Firefox is prone to a remote denial-of-service vulnerability.
An attacker may exploit this vulnerability to cause Mozilla Firefox to crash, resulting in denial-of-service conditions.
Little is known regarding this vulnerability; this BID will be updated when more information is disclosed.
Mozilla Firefox 2.0.0.2 is prone to this issue; other versions may also be affected.
Attackers may be able to bypass cookie domain and path restrictions, but this has not been confirmed.
Exploit / POC
The following text file contains JavaScript examples:
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Mozilla Firefox 2.0.0.2
- Mozilla Firefox-2.0.0.4 for Linux: http://www.mozilla.com/products/download.html?product=firefox-2.0.0.4&os=linux&lang=en-US
- Mozilla Firefox-2.0.0.4 for Mac OS X: http://www.mozilla.com/products/download.html?product=firefox-2.0.0.4&os=osx&lang=en-US
- Mozilla Firefox-2.0.0.4 for Windows: http://www.mozilla.com/products/download.html?product=firefox-2.0.0.4&os=win&lang=en-US
References
References:
- Known Vulnerabilities in Mozilla (Mozilla)
- Mozilla Homepage (Mozilla Foundation)
- RHSA-2007:0400-3 - firefox security update (RedHat)
- RHSA-2007:0401-2 - thunderbird security update (RedHat)
- RHSA-2007:0402-4 - seamonkey security update (RedHat)
- Bugzilla Bug ID 373228 (Bugzilla)
- HPSBUX02153 SSRT061181 rev.5 - HP-UX Running Firefox, Remote Unauthorized Access (HP)