CVE-2007-1362
Firefox 1.5.x-1.5.0.11 and 2.x-2.0.0.3 - Denial of Service via Cookie Path Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-1362. PoCs published by Nicolas DEROUET.
AI-analyzed exploit summary The document describes a vulnerability in Mozilla Firefox 2.0.0.2 where the 'document.cookie' path argument can be manipulated with tabulations or large sizes to bypass same-origin policy, cause denial-of-service, or create duplicate cookies. It includes technical details and examples but lacks executable exploit code.
Description
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
Exploits (1)
The document describes a vulnerability in Mozilla Firefox 2.0.0.2 where the 'document.cookie' path argument can be manipulated with tabulations or large sizes to bypass same-origin policy, cause denial-of-service, or create duplicate cookies. It includes technical details and examples but lacks executable exploit code.