CVE-2005-4685: Mozilla Firefox vulnerability

4 documents, 4 sources

Severity: 6.4 MEDIUM (NVD)
EPSS: 0.3% (top 43.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 31
Latest update: May 1

Description

Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

CVSS vector

AV:N/AC:L/C:P/I:P/A:N
Exploitability: 10.0 | Impact: 4.9

Affected Packages (2 packages)

NVD: mozilla/firefox, 17 versions (+16)
NVD: mozilla/mozilla, 44 versions (+43)

🔴 Vulnerability Details (2)

GHSA (2022-05-01)
GHSA-qx3r-96cr-cwr5: Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote a...
CVEList (2006-02-01)
CVE-2005-4685: Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote a...

📋 Vendor Advisories (1)

Debian (2005)
CVE-2005-4685: firefox - Firefox and Mozilla can associate a cookie with multiple domains when the DNS re...