January 29th, 2002, 07:28 AM
Source: Oxygen newsletter by Pandasoftware
SecuriTeam has reported that, because of a vulnerabilities in Mozilla and Netscape browsers, it's possible for an attacker to access cookies on users' computers.
This problem, which affects versions of Mozilla earlier than 0.9.7 and Netscape versions prior to 6.2.1, could allow an attacker to steal a user's cookies for a given domain if the attacker can convince the user's browser to load a given URL. It does not require active scripting to be enabled in the browser, and can be done with something as simple as an image tag pointing to a specially crafted URL. This tag could be included in a web page or e-mail.
Cookies, which are often used as a means of identifying and authenticating users within a website, contain information including user names and passwords. If cookies are stolen, an attacker can gain the confidential information stored in them and impersonate the victim in the corresponding websites.
January 30th, 2002, 06:13 AM
Is there a tool actually available that demonstrates this or is this a theory?
Noah built the ark BEFORE it rained.
January 30th, 2002, 06:22 AM
I would imagine it works almost exactly the same as the IE exploits....there was a link that demonstrated the vuln for IE in the bugtraq mailing list. I will post it tomorrow......
Antionline in a nutshell
\"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"
Trust your Technolust