Closed Bug 90500 Opened 24 years ago Closed 24 years ago

Cookie domain ".co.uk" incorrectly set

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
VERIFIED DUPLICATE of bug 8743

People

(Reporter: z-aillon.c-obsolete, Assigned: morse)

References

(
URL
)

Details

This occurs on both Linux trunk and W32 branch. 20010710. (assuming all OS). 1. In your prefs, make sure notify me before accepting a cookie is checked on. 2. Visit URL. 3. Notice cookie is being set for ".co.uk" which is incorrect. 4. The cookie will also be stored as such if click yes (verify in cookie manager). I am not sure if this cookie will then get sent to any site with a .co.uk domain but if it does, this is a potential security hole.
Not a security hole but just the opposite. Instead of the site capturing cookies from other sites, they are broadcasting their own cookies to the world. See bug 8743 for a detailed discussion on this problem and why we can't fix it. *** This bug has been marked as a duplicate of 8743 ***
Status: UNCONFIRMED → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
V/dupe.
QA Contact: tever → benc
Summary: Cookie domain incorrectly set → Cookie domain ".co.uk" incorrectly set
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.