CVE-2008-7293 (GCVE-0-2008-7293)
Vulnerability from cvelistv5 – Published: 2011-08-09 19:00 – Updated: 2024-09-16 20:42
VLAI
Summary
Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://hacks.mozilla.org/2010/08/firefox-4-http-s… | x_refsource_CONFIRM |
| http://michael-coates.blogspot.com/2010/01/cookie… | x_refsource_MISC |
| http://code.google.com/p/browsersec/wiki/Part2#Sa… | x_refsource_MISC |
| http://scarybeastsecurity.blogspot.com/2011/02/so… | x_refsource_MISC |
| https://bugzilla.mozilla.org/show_bug.cgi?id=660053 | x_refsource_MISC |
| http://scarybeastsecurity.blogspot.com/2008/11/co… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:36.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hacks.mozilla.org/2010/08/firefox-4-http-strict-transport-security-force-https/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=660053"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a \"cookie forcing\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-09T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hacks.mozilla.org/2010/08/firefox-4-http-strict-transport-security-force-https/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=660053"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a \"cookie forcing\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hacks.mozilla.org/2010/08/firefox-4-http-strict-transport-security-force-https/",
"refsource": "CONFIRM",
"url": "http://hacks.mozilla.org/2010/08/firefox-4-http-strict-transport-security-force-https/"
},
{
"name": "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html",
"refsource": "MISC",
"url": "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html"
},
{
"name": "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies",
"refsource": "MISC",
"url": "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies"
},
{
"name": "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html",
"refsource": "MISC",
"url": "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=660053",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=660053"
},
{
"name": "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html",
"refsource": "MISC",
"url": "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7293",
"datePublished": "2011-08-09T19:00:00.000Z",
"dateReserved": "2011-08-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:42:02.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2008-7293",
"date": "2026-06-03",
"epss": "0.0059",
"percentile": "0.69537"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2008-7293\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-08-09T19:55:01.073\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a \\\"cookie forcing\\\" issue.\"},{\"lang\":\"es\",\"value\":\"Mozilla Firefox en versiones anteriores a la versi\u00f3n 4 no restringe apropiadamente las modificaciones a las cookies establecidas en las sesiones HTTPS, lo que facilita a atacantes \\\"man-in-the-middle\\\" sobreescribir o borrar cookies arbitrarias a trav\u00e9s de una cabecera Set-Cookie en una respuesta HTTP, relacionado con una fallo en la funcionalidad HTTP Strict Transport Security (HSTS) includeSubDomains. Tambi\u00e9n conocido como un problema \\\"cookie forcing\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:beta12:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.0\",\"matchCriteriaId\":\"23C1CA86-F698-48F9-9FB1-1413BEFD2C04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A545A77-2198-4685-A87F-E0F2DAECECF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*\",\"matchCriteriaId\":\"438AACF8-006F-4522-853F-30DBBABD8C15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"778FAE0C-A5CF-4B67-93A9-1A803E3E699F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7447185-7509-449D-8907-F30A42CF7EB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EDBAC37-9D08-44D1-B279-BC6ACF126CAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FFF89FA-2020-43CC-BACD-D66117B3DD26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"834BB391-5EB5-43A8-980A-D305EDAE6FA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A38AD88-BAA6-4FBE-885B-69E951BD1EFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B500EE6C-99DB-49A3-A1F1-AFFD7FE28068\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F2938F2-A801-45E5-8E06-BE03DE03C8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABB88E86-6E83-4A59-9266-8B98AA91774D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"66BE50FE-EA21-4633-A181-CD35196DF06E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D6BF5B1-86D1-47FE-9D9C-735718F94874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84D15CE0-69DF-4EFD-801E-96A4D6AABEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2F38886-C25A-4C6B-93E7-36461405BA99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C65D2670-F37F-48CB-804A-D35BB1C27D9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE8E5194-7B34-4802-BDA6-6A86EB5EDE05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2917BD67-CE81-4B94-B241-D4A9DDA60319\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A524A94E-F19B-42B9-AA8E-171751C339AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F71436CF-F756-44E0-8E69-6951F6B3E54A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"582EE839-B83F-4908-9780-D0C92DC44FD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"824369CF-00A0-434E-94BC-71CA1317012C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCB35099-B04E-4796-A25D-953329FE62F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DBEBCFD-80D6-466A-BAEF-C75E65A3B12E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C30ACBCA-4FA1-46DE-8F15-4830BC27E160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9453EF65-7C69-449E-BF7C-4FECFB56713E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AA75825-21CF-475B-8040-126A13FA2216\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA97C80E-17FA-4866-86CE-29886145ED80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DE24BED-202E-416D-B5F2-8207D97B9939\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04198E04-CE1D-4A5A-A20C-D1E135B45F94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3487FA64-BE04-42CA-861E-3DAC097D7D32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D956DC-C73B-439F-8D79-8239207CC76F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57E2C7E7-56C0-466C-BB08-5EB43922C4F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"462E135A-5616-46CC-A9C0-5A7A0526ACC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6121F9C1-F4DF-4AAB-9E51-AC1592AA5639\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58D44634-A0B5-4F05-8983-B08D392EC742\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB3AC3D3-FDD7-489F-BDCF-BDB55DF33A8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4105171B-9C90-4ABF-B220-A35E7BA9EE40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20985549-DB24-4B69-9D40-208A47AE658E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43A13026-416F-4308-8A1B-E989BD769E12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"612B015E-9F96-4CE6-83E4-23848FD609E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E391619-0967-43E1-8CBC-4D54F72A85C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0544D626-E269-4677-9B05-7DAB23BD103B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C95F7B2C-80FC-4DF2-9680-F74634DCE3E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"863C140E-DC15-4A88-AB8A-8AEF9F4B8164\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38CD049A-5333-4FF7-AD34-6B74E19BADCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0066576D-D66A-4B59-B5C3-471EEBEE8B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60ED6DAA-9194-4829-BC1A-00F04BE7930A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13BEB9A6-EFD5-4793-9603-84DB84F1CF7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"461163C6-4CA8-4BA9-95A1-136E612CBA6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"275E9D96-1290-44AB-BF9B-E9E4A803F593\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"412DF091-7604-4110-87A0-3488116A97E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11E07FED-ABDB-4B0A-AB2E-4CBF1EAC4301\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A6558F1-9E0D-4107-909A-8EF4BC8A9C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63DF3D65-C992-44CF-89B4-893526C6242E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9024117-2E8B-4240-9E21-CC501F3879B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBC3CAD3-2F54-4E32-A0C9-0D826C45AC23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52624B41-AB34-40AD-8709-D9646B618AB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"917E9856-9556-4FD6-A834-858F8837A6B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98BBD74D-930C-4D80-A91B-0D61347BAA63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAF2E696-883D-4DE5-8B79-D8E5D9470253\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94E04FD9-38E8-462D-82C2-729F7F7F0465\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5888517E-3C57-4A0A-9895-EA4BCB0A0ED5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BB21291-B9F3-445E-A9E9-EA1822083DD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D595F649-ECBE-45E0-8AAD-BCBC65A654B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FE6E920-9A4C-431B-89EA-683A22F15ACD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18B6CC9F-6295-4598-B28B-0CA19D1D9F45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9F0434D-C84F-49FD-9F44-66D3ACD7B601\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6AAB416-E865-4EEE-8FCB-A91253BEB52B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76CD3BDF-A079-4EF3-ABDE-43CBDD08DB1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"031E8624-5161-43AF-AF19-6BAB5A94FDD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54186D4A-C6F0-44AD-94FB-73B4346ABB6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47E50AD9-BA35-4817-BD4D-5D678FC5A3C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD09DE40-8C9B-41EA-B372-9E4E4830E8F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F223FB83-0EDB-4429-94B9-1AEEF314B73F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC6B977F-292F-4981-95A0-6065A3C487D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"342226B9-2C0C-416C-81FE-19C49F03AA88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A6A28E0-F67A-4275-B0D9-A02822E9EF7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECAB4696-76F3-458C-B33B-D7F8690C60A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBB444FD-15F3-4447-9EA8-1669779A5749\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F92E2EF3-A612-476F-9D31-1EEC240C7EA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F175D30-2416-4172-BF11-DA78D252D608\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DD3F168-3EF4-492E-BBAA-EACB1357C709\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B46BA97-2860-45E4-9FD3-F418A202E4F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1C23289-38C3-4C62-8B27-249EAECC297E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96B0C0CB-6B81-45F0-B71F-A09164501414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"869D2763-D953-4532-9353-DC9045A7EF2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80082DA0-7E48-4F5F-A005-915151226C2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.5.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51925FD3-D730-4938-BE35-C5FDF57F8DD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3782354-7EB7-49D2-B240-1871F6CB84C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30D47263-03AD-4060-91E3-90F997B3D174\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFD775DF-277E-4D5B-B980-B8E6E782467D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8587BFD-417D-42BE-A5F8-22FDC68FA9E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7364FAB-EEE9-4064-A8AD-6547239F9AB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C50485F-BC7B-4B70-A47B-1712E2DBAC5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EE386B-0833-484E-A2AB-86B4470D4D45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3EF1B4D-6556-4B3C-BDD0-6348A4D4A91D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68C5C7CF-005B-42FC-B950-90303F0CC115\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B2FA2CF-7FE4-43B1-96A0-C14666EDBD7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30290F6D-55CA-47EB-8F41-7BBB745C7A34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F61F0607-14B0-49AD-B7E6-C4D75401C270\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FED863D-2898-4148-A9FB-73BFF9DE4396\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"779C1245-A6F9-41F5-B8D4-FAE506A23FD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E7CFEE9-70D4-465F-9FB9-397E6B200FA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"197E56BF-BE78-459F-A124-786DF39D1235\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7BC1684-3634-4585-B7E6-8C8777E1DA0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*\",\"matchCriteriaId\":\"A490D040-EF74-45C2-89ED-D88ADD222712\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CDA17D1-CD93-401E-860C-7C3291FEEB7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4062C901-3828-415B-A6C3-EDD0E7B20C0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC0D8730-7034-4AD6-9B05-F8BAFB0145EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"857AFB05-F0C1-4061-9680-9561D68C908F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC37EBAF-C979-4ACC-ACA9-BDC2AECCB0D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*\",\"matchCriteriaId\":\"80801CD8-EEAF-4BC4-9085-DCCC6CF73076\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAF4C78A-5093-4871-AF69-A8E8FD7E1AAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*\",\"matchCriteriaId\":\"560AD4C7-89D2-4323-BBCC-A89EEB6832CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B389CBC-4F6C-4C17-A87B-A6DD92703A10\"}]}]}],\"references\":[{\"url\":\"http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://hacks.mozilla.org/2010/08/firefox-4-http-strict-transport-security-force-https/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=660053\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://hacks.mozilla.org/2010/08/firefox-4-http-strict-transport-security-force-https/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=660053\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…