MozillaZine

Full Article Attached Mozilla 1.1 Branching Update

Saturday August 3rd, 2002

Yesterday evening, Asa Dotzler posted an update on Mozilla 1.1 to netscape.public.mozilla.seamonkey. The current plan is to branch for 1.1 and reopen the trunk on Monday. Read the full article for more information and check out Asa's recent posting to the Build Bar forum to see how you can help.


#20 Re: Re: 1.0.1 - cookie problem

by treebeard <treebeard@treebeard.net>

Monday August 5th, 2002 11:57 PM

You are replying to this message

the cookie bug has been reported on bugtraq ( 7/24 ) by Andreas Sandblad I don't know if it has been fixed. The security related bugs are usually blocked on bugzilla at least until they are fixed. Understandably. One doesn't want to encourage exploits.

in pertinent part:

DESCRIPTION: ============

Mozilla allows script in the javascript protocoll to set and read cookies. For javascript URLs the host and path for the cookie is pulled out as: "javascript:[host][path]"

......., it is possible to access and alter cookies from other domains.