Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Netscape/Mozilla Null Character Cookie Disclosure (deprecated)

Medium

Synopsis

The remote client browser is vulnerable to a flaw which allows for the theft of authentication cookies.

Description

The remote host is running a version of the Mozilla browser that could allow a remote attacker to steal cookie-based authentication information. A remote attacker could create a specially crafted URL link containing a NULL byte character string (%00) that would cause the victims cookie information to be sent to a specified hostname once the link is clicked.

Solution

Upgrade to the latest version of Mozilla