CVE Vulnerabilities

CVE-2004-0871

Published: Sep 16, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka Cross Security Boundary Cookie Injection.

Affected Software

Name Vendor Start Version End Version
Mozilla Mozilla 0.9.2 (including) 0.9.2 (including)

References