C-Note-07-008: Zalewski Cookie Setting / Same-Domain Bypass Vulnerability (02/22/07)

Mozilla-based browsers contain a cross-domain vulnerability. A vulnerability would allow a browser to think you were at one site while you were actuallly downloading content from another. The attacking site would see cookies that would normally be seen by the real site.

This advisory is posted at: https://bugzilla.mozilla.org/show_bug.cgi?id=370445

CIAC would like to thank Mozilla for this information.