CVE-2007-1362

Firefox 1.5.x-1.5.0.11 and 2.x-2.0.0.3 - Denial of Service via Cookie Path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1362. PoCs published by Nicolas DEROUET.

AI-analyzed exploit summary: The document describes a vulnerability in Mozilla Firefox 2.0.0.2 where the 'document.cookie' path argument can be manipulated with tabulations or large sizes to bypass same-origin policy, cause denial-of-service, or create duplicate cookies. It includes technical details and examples but lacks executable exploit code.

Description

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."

Exploits (1)

exploitdb WRITEUP VERIFIED
by Nicolas DEROUET · text · dos · linux
https://www.exploit-db.com/exploits/29720

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Mozilla Firefox 2.0.0.2
No auth needed
Prerequisites: Victim must visit a malicious webpage
devstral-2 · analyzed Feb 16, 2026

References (36)

Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/470172/100/200/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34613
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0400.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1308
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018163
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10759
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25647
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200706-06.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25635
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25534
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1994
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25533
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35140
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1306
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1424
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25858
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-468-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0401.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25476
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018162
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24242
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25750
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1300
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25559
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/35139
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25490
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22879
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0402.html
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-151A.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25685

Scores

EPSS 0.0783
EPSS Percentile 93.9%

Details

CWE: CWE-20
Status: published
Products (25)
mozilla/firefox 1.5.0.1
mozilla/firefox 1.5.0.2
mozilla/firefox 1.5.0.3
mozilla/firefox 1.5.0.4
mozilla/firefox 1.5.0.5
mozilla/firefox 1.5.0.6
mozilla/firefox 1.5.0.7
mozilla/firefox 1.5.0.8
mozilla/firefox 1.5.0.9
mozilla/firefox 1.5.0.10
... and 15 more
Published Jun 01, 2007
Tracked Since Feb 18, 2026