Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2005-4685

Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

  • Published: Dec 31, 2005
  • Updated: Apr 13, 2023
  • CVE: CVE-2005-4685
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.4
  • AV:N/AC:L/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Software From Fixed in
mozilla / mozilla 1.4.2 1.4.2.x
mozilla / mozilla 0.9.5 0.9.5.x
mozilla / firefox 0.8 0.8.x
mozilla / firefox 1.5-beta2 1.5-beta2.x
mozilla / mozilla 0.9.35 0.9.35.x
mozilla / mozilla 1.8-alpha4 1.8-alpha4.x
mozilla / mozilla 0.9.3 0.9.3.x
mozilla / mozilla 1.0.1 1.0.1.x
mozilla / mozilla 1.7-alpha 1.7-alpha.x
mozilla / mozilla 0.9.48 0.9.48.x
mozilla / mozilla 1.7-rc1 1.7-rc1.x
mozilla / mozilla 1.2.1 1.2.1.x
mozilla / mozilla 1.0-rc1 1.0-rc1.x
mozilla / mozilla m16 m16.x
mozilla / firefox 1.0.2 1.0.2.x
mozilla / firefox 1.5-beta1 1.5-beta1.x
mozilla / mozilla 1.2-alpha 1.2-alpha.x
mozilla / mozilla 1.7 1.7.x
mozilla / mozilla 0.9.7 0.9.7.x
mozilla / mozilla 1.1-beta 1.1-beta.x
mozilla / firefox 0.9.1 0.9.1.x
mozilla / mozilla 1.0-rc2 1.0-rc2.x
mozilla / firefox 1.0.4 1.0.4.x
mozilla / firefox 1.0.7 1.0.7.x
mozilla / mozilla 1.7.4 1.7.4.x
mozilla / mozilla 1.7.5 1.7.5.x
mozilla / firefox 0.10.1 0.10.1.x
mozilla / firefox 0.9 0.9.x
mozilla / mozilla 0.9.2.1 0.9.2.1.x
mozilla / mozilla 1.4.1 1.4.1.x
mozilla / mozilla 1.4-beta 1.4-beta.x
mozilla / mozilla 1.2 1.2.x
mozilla / mozilla 0.9.2 0.9.2.x
mozilla / mozilla 1.7.11 1.7.11.x
mozilla / mozilla 1.8-alpha3 1.8-alpha3.x
mozilla / mozilla 1.4.4 1.4.4.x
mozilla / mozilla 1.7.7 1.7.7.x
mozilla / mozilla 1.3 1.3.x
mozilla / mozilla 1.2-beta 1.2-beta.x
mozilla / firefox 1.0 1.0.x
mozilla / mozilla 1.0 1.0.x
mozilla / mozilla 1.7-beta 1.7-beta.x
mozilla / mozilla 0.9.8 0.9.8.x
mozilla / firefox 1.0.1 1.0.1.x
mozilla / mozilla 1.4 1.4.x
mozilla / mozilla 1.5 1.5.x
mozilla / mozilla 1.8-alpha1 1.8-alpha1.x
mozilla / mozilla 0.9.4 0.9.4.x
mozilla / firefox preview_release preview_release.x
mozilla / firefox 1.0.3 1.0.3.x
mozilla / mozilla 1.7.6 1.7.6.x
mozilla / mozilla 1.7.1 1.7.1.x
mozilla / mozilla 1.7.10 1.7.10.x
mozilla / firefox 0.9.3 0.9.3.x
mozilla / mozilla 1.7.12 1.7.12.x
mozilla / mozilla 1.4-alpha 1.4-alpha.x
mozilla / mozilla 1.7.8 1.7.8.x
mozilla / mozilla 0.9.6 0.9.6.x
mozilla / mozilla 1.5.1 1.5.1.x
mozilla / mozilla 1.7.9 1.7.9.x
mozilla / mozilla 1.1 1.1.x
mozilla / firefox 0.9.2 0.9.2.x
mozilla / mozilla 1.1-alpha 1.1-alpha.x
mozilla / mozilla 0.9.4.1 0.9.4.1.x
mozilla / mozilla 0.8 0.8.x
mozilla / mozilla 1.7.2 1.7.2.x
mozilla / firefox 0.9-rc 0.9-rc.x
mozilla / mozilla 1.0.2 1.0.2.x
mozilla / mozilla 1.8-alpha2 1.8-alpha2.x
mozilla / mozilla 1.7-rc3 1.7-rc3.x
mozilla / mozilla m15 m15.x
mozilla / mozilla 1.7-rc2 1.7-rc2.x
mozilla / firefox 0.10 0.10.x
mozilla / mozilla 1.7.3 1.7.3.x
mozilla / mozilla 1.3.1 1.3.1.x
mozilla / firefox 1.0.5 1.0.5.x
mozilla / mozilla 0.9.9 0.9.9.x
mozilla / firefox 1.0.6 1.0.6.x
mozilla / mozilla 1.6 1.6.x