Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
| Software | From | Fixed in |
|---|---|---|
| microsoft / internet_explorer | 6.0 | 6.0.x |
| suse / suse_linux | 1.0 | 1.0.x |
| suse / suse_linux | 8 | 8.x |
| suse / suse_linux | 8.1 | 8.1.x |
| suse / suse_linux | 8.2 | 8.2.x |
| suse / suse_linux | 9.0 | 9.0.x |
| microsoft / ie | 6.0-sp1 | 6.0-sp1.x |
| microsoft / ie | 6.0-sp2 | 6.0-sp2.x |
| kde / konqueror | 2.1.1 | 2.1.1.x |
| kde / konqueror | 2.1.2 | 2.1.2.x |
| kde / konqueror | 2.2.1 | 2.2.1.x |
| kde / konqueror | 2.2.2 | 2.2.2.x |
| kde / konqueror | 3.0 | 3.0.x |
| kde / konqueror | 3.0.1 | 3.0.1.x |
| kde / konqueror | 3.0.2 | 3.0.2.x |
| kde / konqueror | 3.0.3 | 3.0.3.x |
| kde / konqueror | 3.0.5 | 3.0.5.x |
| kde / konqueror | 3.0.5b | 3.0.5b.x |
| kde / konqueror | 3.1 | 3.1.x |
| kde / konqueror | 3.1.1 | 3.1.1.x |
| kde / konqueror | 3.1.2 | 3.1.2.x |
| kde / konqueror | 3.1.3 | 3.1.3.x |
| kde / konqueror | 3.1.4 | 3.1.4.x |
| kde / konqueror | 3.1.5 | 3.1.5.x |
| kde / konqueror | 3.2.1 | 3.2.1.x |
| kde / konqueror | 3.2.3 | 3.2.3.x |
| mozilla / firefox | 0.9.2 | 0.9.2.x |