Mozilla Firefox allows for cookies to be set with a null domain (aka domainless cookies), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | * |