Closed
Bug 301055
Opened 19 years ago
Closed 19 years ago
its possible to set cookies scoped to .co.uk domain and read at other .co.uk sites
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 252342
People
(Reporter: liquidlaughter2000.will, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5 www.fictitious-site.co.uk is able to set a cookie scoped to the domain '.co.uk', which is then sent in a request to view www.another-fictitious-site.co.uk, or indeed any other .co.uk site. This may also apply to other domains other than .co.uk - other domains have not been tested. Reproducible: Always Steps to Reproduce: 1. visit http://www.garytomlinson.co.uk/cookies/ 2. enter a cookie name and a cookie value, click submit 3. click the resulting link or go to http://www.focusforsale.pwp.blueyonder.co.uk/ Actual Results: The cookie you created on the first .co.uk site is accessible to the second. Expected Results: Cookies should not be able to be set for the .co.uk domain. 3 periods are required in domains except for limited few (.com, .net etc).
*** This bug has been marked as a duplicate of 252342 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Updated•19 years ago
|
Group: security
You need to log in
before you can comment on or make changes to this bug.
Description
•