CVE-2009-0357
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
Date published: 2009-02-04
http://www.securityfocus.com/bid/33598
http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm
