Intrusion Prevention

Mozzila.Firefox.Location.Hostname.Dom.Property.Cookie.Theft

Description

This indicates an attempt to exploit one of several vulnerabilities in Mozilla based browsers.
Mozilla based browsers allow remote attackers to bypass the "same origin" policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname DOM property. The vulnerability is due to interactions with the DNS resolver code.

Affected Products

Firefox before 1.5.0.10 and 2.x before 2.0.0.2
SeaMonkey before 1.0.8

Impact

Information disclosure.
Denial of service.

Recommended Actions

The vendor has released updated versions of the affected application to address this issue.

CVE References

CVE-2007-0981