Closed Bug 115175 Opened 23 years ago Closed 23 years ago

server sets domain cookie beyond authority

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Platform:
x86
Windows ME
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 8743

People

(Reporter: cpj1, Assigned: morse)

References

(
URL
)

Details

From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:0.9.6) Gecko/20011120 BuildID: 2001112009 The website www.ci.minneapolis.mn.us sets 2 cookies, one for host www.ci.minneapolis.mn.us, and one for domain minneapolis.mn.us. But anyone can obtain a valid subdomain of minneapolis.mn.us, so any web server in a subdomain of that domain could see the value of the minneapolis.mn.us cookie. Reproducible: Always Steps to Reproduce: 1. Visit http://www.ci.minneapolis.mn.us 2. Check your Cookie Manager 3. Expected Results: Mozilla should probably not accept cookies set to a 3rd level subdomain of the .us domain hierarchy.
That's an old problem and is unsolvable. *** This bug has been marked as a duplicate of 8743 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.