CVE-2004-0867

Опубликовано: 23 дек. 2004

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:3.0.5b:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:kde:konqueror:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.04214

Низкий

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2004-0867

debian

больше 20 лет назад

Mozilla Firefox 0.9.2 allows web sites to set cookies for country-spec ...

GHSA-rgv5-6h77-53xf

github

около 3 лет назад