Описание
Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00438
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
около 21 года назад
Mozilla does not prevent cookies that are sent over an insecure channe ...
github
больше 3 лет назад
Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
EPSS
Процентиль: 62%
0.00438
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other