January 29th, 2002, 07:28 AM
Source: Oxygen newsletter by Pandasoftware
SecuriTeam has reported that, because of a vulnerabilities in Mozilla and Netscape browsers, it's possible for an attacker to access cookies on users' computers.
This problem, which affects versions of Mozilla earlier than 0.9.7 and Netscape versions prior to 6.2.1, could allow an attacker to steal a user's cookies for a given domain if the attacker can convince the user's browser to load a given URL. It does not require active scripting to be enabled in the browser, and can be done with something as simple as an image tag pointing to a specially crafted URL. This tag could be included in a web page or e-mail.
Cookies, which are often used as a means of identifying and authenticating users within a website, contain information including user names and passwords. If cookies are stolen, an attacker can gain the confidential information stored in them and impersonate the victim in the corresponding websites.