Mozilla < 0.9.7 Null Byte Cookie Disclosure

High Log Correlation Engine Plugin ID 801288

Synopsis

N/A

Description

The remote host is using a version of the Mozilla web browser that may allow an attacker to steal the cookies of the users because of the way Mozilla handles null characters in its URLs.

Solution

Upgrade to Mozilla 0.9.7 or higher.

Plugin Details

Severity: High

ID: 801288

File Name: 801288.prm

Family: Web Clients

Risk Information

Risk Factor: High

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Reference Information

CVE: CVE-2002-2013

BID: 3925