CVE-2011-2605

by Fred · 30/06/2011

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.

Date published : 2011-06-30

https://bugzilla.mozilla.org/show_bug.cgi?id=643051

http://www.mozilla.org/security/announce/2011/mfsa2011-19.html

CVE-2011-2605

Related

Recent Posts

Categories

Latest CWE

CVE-2011-2605

Share this:

Related

Recent Posts

Categories

Tags

Latest CWE