CVE-2004-0867

Published: Dec 23, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.

Affected (27)

Products: Kde: Konqueror · Microsoft: Ie, Internet Explorer · Mozilla: Firefox · +1 more

Show all products

Kde: Konqueror · Microsoft: Ie, Internet Explorer · Mozilla: Firefox · Suse: Suse Linux

1 product

2 products

1 product

1 product

Configuration A

22 vulnerable

Vulnerable Software	Affected Versions
Kde Konqueror	Version 2.1.1
Kde Konqueror	Version 2.1.2
Kde Konqueror	Version 2.2.1
Kde Konqueror	Version 2.2.2
Kde Konqueror	Version 3.0.1
Kde Konqueror	Version 3.0.2
Kde Konqueror	Version 3.0.3
Kde Konqueror	Version 3.0.5
Kde Konqueror	Version 3.0.5b
Kde Konqueror	Version 3.0
Kde Konqueror	Version 3.1.1
Kde Konqueror	Version 3.1.2
Kde Konqueror	Version 3.1.3
Kde Konqueror	Version 3.1.4
Kde Konqueror	Version 3.1.5
Kde Konqueror	Version 3.1
Kde Konqueror	Version 3.2.1
Kde Konqueror	Version 3.2.3
Microsoft Ie	Version 6.0 sp1
Microsoft Ie	Version 6.0 sp2
Microsoft Internet Explorer	Version 6.0
Mozilla Firefox	Version 0.9.2