Netscape/Mozilla Null Character Cookie Disclosure (deprecated)
Medium Nessus Network Monitor Plugin ID 1310
SynopsisThe remote client browser is vulnerable to a flaw which allows for the theft of authentication cookies.
DescriptionThe remote host is running a version of the Mozilla browser that could allow a remote attacker to steal cookie-based authentication information. A remote attacker could create a specially crafted URL link containing a NULL byte character string (%00) that would cause the victims cookie information to be sent to a specified hostname once the link is clicked.
SolutionUpgrade to the latest version of Mozilla