OSVDB ID: 35139

Title: Mozilla Multiple Browser Cookie Path Data DoS

Info

Disclosure
May 30, 2007

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 Mozilla Firefox and SeaMonkey contain a flaw that may allow a remote denial of service. The issue is triggered due to the cookie path parameter not properly verifying user-supplied input, and will result in loss of availability for the application.

Classification

 Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

 Upgrade to Firefox version 2.0.0.4 or 1.5.0.12, SeaMonkey version 1.1.2 or 1.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization

Firefox

 2.0.0.3
2.0.0.2
2.0.0.1
2.0
1.5.0.11
1.5.0.10
1.5.0.9
1.5.0.8
1.5.0.7
1.5.0.6
1.5.0.5
1.5.0.4
1.5.0.3
1.5.0.2
1.5.0.1
1.5.0.1rc1
1.5

SeaMonkey

 1.1.1
1.0
1.1
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.1 Beta
1.1 Alpha
1.0 Alpha
1.0 Beta

References

Credit
  • Nicolas Derouet -


Direct URL: http://osvdb.org/35139