Closed Bug 415214 Opened 16 years ago Closed 16 years ago

Sites can set cookies for TLDs which can be accessed by any other site in that TLD

Categories

(Core :: Security, defect)

x86
Windows XP
defect
Not set
normal

RESOLVED DUPLICATE of bug 385299

People

(Reporter: wallfur+mozbugz, Assigned: dveditz)

Details

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-AU; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-AU; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6

A site (or sites) has been able to set two cookies on my computer for the top level domain:
.com.au
when the least amount of info to set a domain cookie should have been:
.somedomain.com.au

Reproducible: Didn't try



Expected Results:
Firefox should understand that .au is a country code, thus com.au is not a registrable domain and cookies cannot be set for it.

We've seen this before: bug 252342, bug 385299.

Yeah, this looks like a dupe of either of those bugs, which weren't fixed on the branch. I'm not sure how feasible it would be to backport the fix, but bug 385299 is marked wanted1.8.1.x+.

This is a well-known problem and doesn't need to be marked security-sensitive. I think we should open it and dupe it to bug 385299.
Assignee: nobody → dveditz
Group: security
Product: Firefox → Core
QA Contact: firefox → toolkit
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
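
The check the reporter expects, sketched as an added example (not Mozilla's code and not part of this bug's comments): a cookie's Domain attribute is refused when it names a public suffix such as `.com.au`. The rule set is a small constructed excerpt in Public Suffix List syntax, and `publicSuffix` and `acceptCookieDomain` are hypothetical names.

```javascript
// Constructed excerpt in Public Suffix List rule syntax (a real cookie store
// loads the full list). "*." is a wildcard rule, "!" marks an exception.
const RULES = new Set(["com", "au", "com.au", "net.au", "*.ck", "!www.ck"]);

// Hypothetical helper: public suffix of a host name, longest rule first.
function publicSuffix(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    const parent = labels.slice(i + 1).join(".");
    // Exception rule: the suffix is the candidate minus its leftmost label.
    if (RULES.has("!" + candidate)) return parent;
    if (RULES.has(candidate)) return candidate;
    // Wildcard rule: any single label under `parent` is a public suffix.
    if (parent !== "" && RULES.has("*." + parent)) return candidate;
  }
  // No rule matched: treat the rightmost label as the suffix.
  return labels[labels.length - 1];
}

// Hypothetical helper: may requestHost set a cookie with this Domain attribute?
// Host names only; IP-address hosts are out of scope for this sketch.
function acceptCookieDomain(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  const domain = domainAttr.toLowerCase().replace(/^\./, "");
  // The request host must be the domain itself or a subdomain of it.
  if (host !== domain && !host.endsWith("." + domain)) return false;
  // A public suffix such as "com.au" is shared by unrelated sites, so a
  // cookie scoped to it would be sent to every site under that suffix.
  // RFC 6265 keeps such a cookie only when the host is exactly that name.
  if (publicSuffix(domain) === domain) return host === domain;
  return true;
}

// The case from this report, evaluated against the constructed rules.
console.log(acceptCookieDomain("www.somedomain.com.au", ".com.au"));
console.log(acceptCookieDomain("www.somedomain.com.au", ".somedomain.com.au"));
```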