Fx Cookie Vulnerability

A recent Vulnerability involving Fx 2.0.0.1 (and possibly 1.5.0.* builds) has been exposed. The vulnerability (Bug 370445) could allow a malicious web site to impersonate an authentic one and set a cookie on its behalf. Due to Fx 2.0.0.2 already in RC status and due out in a few days, plus the bug is still being worked it is doubtful this will be fixed in this upcoming build. Likely we will see this fixed in Fx 2.0.0.3 (and if affects the 1.5.0.X builds, 1.5.0.11). In the mean time you can apply this simple fix via about:config…

  • In a new tab, enter about:config in the location bar to access Firefox’s advanced preferences
  • Right click on any preference and select New>String
  • Enter capability.policy.default.Location.hostname.set for the preference name
  • Enter noAccess for the preference value
  • Restart Firefox


News Source: Mozilla Links

Permalink