| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 76792 | 2007-02-16 00:57:00 | Firefox cookie vulnerability | Speedy Gonzales (78) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 525046 | 2007-02-16 00:57:00 | For people using Firefox 2.0.0.1 and maybe versions below. You may want to go here (www.theregister.co.uk) to see if your FF is vulnerable. And either install Noscript, or add something to about:config |
Speedy Gonzales (78) | ||
| 525047 | 2007-02-16 03:08:00 | Here's a direct link: lcamtuf.coredump.cx I'm vulnerable. :( |
pcuser42 (130) | ||
| 525048 | 2007-02-16 03:28:00 | EXPLOITATION UNSUCCESSFUL The page at *.dione.cc attempted to set a test cookie for *.coredump.cx, but failed to complete this operation. It might be that your browser is not vulnerable to the attack, or that it is configured not to accept session cookies from my domains. hmmm....running Firefox 2.0.0.1, and AVG, nothing else, No firewall, no entries in my host file..... |
Metla (12) | ||
| 525049 | 2007-02-16 03:35:00 | Is Noscript installed? | Speedy Gonzales (78) | ||
| 525050 | 2007-02-16 03:47:00 | FF 1.5.0.9 portable, No-Script not installed Firefox location.hostname vulnerability demo (stage 2) EXPLOITATION UNSUCCESSFUL The page at *.dione.cc attempted to set a test cookie for *.coredump.cx, but failed to complete this operation. It might be that your browser is not vulnerable to the attack, or that it is configured not to accept session cookies from my domains. Comments and questions: Michal Zalewski <lcamtuf@coredump.cx> |
Rob99 (151) | ||
| 525051 | 2007-02-16 04:04:00 | Only FF 2.0.0.1 is vulnerable. | pcuser42 (130) | ||
| 525052 | 2007-02-16 05:23:00 | ff 1.5.0.9, was vulnerable. Thanks for that |
annie (6010) | ||
| 525053 | 2007-02-16 07:30:00 | Ummmmmm I followed the link pcuserwinXP gave and the first time I got the same result as metla, however when i tried a second time it told me i was vulnerable I am using FF 2.0.0.1 as well If the result says EXPLOITATION UNSUCCESSFUL hit f5 to refresh the page and see if it still says the same thing |
Morgenmuffel (187) | ||
| 525054 | 2007-02-16 07:38:00 | Refreshed the page a number of times, still states it was unseccesful, and nope, dont have noscript installed. Im thinking my PC just knows whats expected of it.:D |
Metla (12) | ||
| 525055 | 2007-02-16 07:57:00 | Vulnerable FF 2.0.0.1 sarel |
sarel (2490) | ||
| 1 2 | |||||