Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via %2e%2e (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mozilla | Mozilla | 1.0 | 1.0 |
Mozilla | Mozilla | 1.0 | 1.0 |
Mozilla | Mozilla | 1.0 | 1.0 |
Mozilla | Mozilla | 1.0.1 | 1.0.1 |
Mozilla | Mozilla | 1.0.2 | 1.0.2 |
Mozilla | Mozilla | 1.1 | 1.1 |
Mozilla | Mozilla | 1.1 | 1.1 |
Mozilla | Mozilla | 1.1 | 1.1 |
Mozilla | Mozilla | 1.2 | 1.2 |
Mozilla | Mozilla | 1.2 | 1.2 |
Mozilla | Mozilla | 1.2 | 1.2 |
Mozilla | Mozilla | 1.2.1 | 1.2.1 |
Mozilla | Mozilla | 1.3 | 1.3 |
Mozilla | Mozilla | 1.3.1 | 1.3.1 |
Mozilla | Mozilla | 1.4 | 1.4 |
Mozilla | Mozilla | 1.4.1 | 1.4.1 |
Mozilla | Mozilla | 1.4.2 | 1.4.2 |
Red Hat Enterprise Linux 2.1 | RedHat | galeon | * |
Red Hat Enterprise Linux 2.1 | RedHat | mozilla | * |
Red Hat Enterprise Linux 3 | RedHat | mozilla | * |
Red Hat Linux 9 | RedHat | mozilla | * |