Mozilla < 0.9.7 Null Byte Cookie Disclosure

high Log Correlation Engine Plugin ID 801288

Synopsis

N/A

Description

The remote host is using a version of the Mozilla web browser that may allow an attacker to steal the cookies of the users because of the way Mozilla handles null characters in its URLs.

Solution

Upgrade to Mozilla 0.9.7 or higher.

Plugin Details

Severity: High

ID: 801288

Family: Web Clients

Reference Information

CVE: CVE-2002-2013

BID: 3925