CVE-2008-3172
Opera - Session Fixation via Country-Specific Top-Level Domain Cookie Injection
Title source: llmDescription
Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking."
References (5)
Core 5
Core References
Issue Tracking x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=252342
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43951
Various Sources x_refsource_misc
http://crisp.tweakblogs.net/blog/ie-and-2-letter-domain-names.html
Various Sources x_refsource_misc
http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html
Various Sources x_refsource_misc
http://o.bulport.com/index.php?item=55
Scores
EPSS
0.0058
EPSS Percentile
69.2%
Details
CWE
CWE-264
Status
published
Products (1)
opera/opera
Published
Jul 14, 2008
Tracked Since
Feb 18, 2026