Channel Register®

Original URL: http://www.channelregister.co.uk/2007/02/15/firefox_vuln/

Firefox hands out cookies from strangers

Be careful, kids

By Dan Goodin in San Francisco

Posted in Software & Security, 15th February 2007 02:08 GMT


Firefox suffers from a flaw that allows attackers to manipulate the authentication cookies of virtually any website, a vulnerability Bugzilla has deemed severe [1]. It's the second major security lapse for the open-source browser in as many days.

The defect, which stems from the way Firefox writes to the "location.hostname" property of the document object model, can be exploited by a specially doctored script that sets variables that normally wouldn't be accepted when parsing a regular URL, according to researcher Michal Zalewski, who uncovered Monday's vulnerability [2] as well.

By injecting a text string that includes "\x00", an attacker can bypass normal safeguards and fool the browser about the origin of a domain trying to set or modify a cookie. The sleight of hand makes a victim's browser appear to be talking to trustedbank.com when in fact it is receiving data from evilhackers.com.

The attacker would also be able to change the document.domain accordingly. A demonstration of the vulnerability, which has been tested on version 2.0.0.1, is available here [3]. ®
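
The origin confusion described above, as an added example that is not from the article, the linked demonstration or Firefox's source: it assumes one consumer of a hostname stops at the first NUL byte while another sees the whole string, and shows a cookie-scope check that rejects any hostname on which the two views differ. The function names and the sample hostname are constructed for illustration.

```javascript
// Added example, not Firefox code. SAMPLE_HOST is a constructed value.
const SAMPLE_HOST = "evilhackers.com\x00.trustedbank.com";

// View of a length-aware consumer (for example a suffix check on a JS string).
function lengthAwareView(host) {
  return host.toLowerCase();
}

// View of a NUL-terminated (C string) consumer: everything before the first \x00.
function nulTerminatedView(host) {
  const cut = host.indexOf("\x00");
  return (cut === -1 ? host : host.slice(0, cut)).toLowerCase();
}

// Hostname labels: letters, digits, hyphen; 1-63 chars; no leading or trailing hyphen.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

function isValidHostname(host) {
  if (typeof host !== "string" || host.length === 0 || host.length > 253) return false;
  return host.toLowerCase().split(".").every((label) => LABEL.test(label));
}

// Suffix match on its own: true when host equals domain or is a subdomain of it.
// Fed the length-aware view of SAMPLE_HOST, this returns true for trustedbank.com.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Hardened check: refuse if the two views disagree or the name is not a valid
// hostname, and only then apply the suffix match.
function checkCookieScope(host, cookieDomain) {
  const full = lengthAwareView(host);
  const truncated = nulTerminatedView(host);
  if (full !== truncated) {
    return { allowed: false, reason: "views-disagree", truncated };
  }
  if (!isValidHostname(host)) {
    return { allowed: false, reason: "invalid-hostname" };
  }
  if (!domainMatches(full, cookieDomain.toLowerCase())) {
    return { allowed: false, reason: "domain-mismatch" };
  }
  return { allowed: true, reason: "ok" };
}

console.log(checkCookieScope(SAMPLE_HOST, "trustedbank.com"));
```
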