Mozilla Foundation Security Advisory 2011-24

Cookie isolation error

Announced: June 21, 2011
Reporter: David Chan
Impact: Moderate
Products: Firefox, Thunderbird
Fixed in:
  • Firefox 3.6.18
  • Thunderbird 3.1.11

Description

Mozilla security researcher David Chan reported that cookies set for example.com. (note the trailing dot) and example.com were treated as interchangeable. This is a violation of same-origin conventions and could potentially lead to leakage of cookie data to the wrong party.

This issue did not affect Firefox 4, SeaMonkey 2.1, or newer Mozilla-based products.
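
The collision described above, modelled as an added example: this is a toy cookie jar, not Firefox or Thunderbird code. The names `lossyHostKey`, `strictHostKey`, `CookieJar`, `sentTo` and `trailingDotCollisions` and the cookie value are constructed for illustration, and dropping the trailing dot is an assumed way the two hosts could end up interchangeable.

```javascript
// Toy model, not Mozilla code: a cookie jar keyed by a host-normalisation function.

// Assumed lossy key: drops one trailing dot, so "example.com." == "example.com".
function lossyHostKey(host) {
  return host.toLowerCase().replace(/\.$/, "");
}

// Strict key: case-folds only; a trailing dot stays part of the host identity.
function strictHostKey(host) {
  return host.toLowerCase();
}

class CookieJar {
  constructor(hostKey) {
    this.hostKey = hostKey;
    this.store = new Map(); // host key -> Map(cookie name -> value)
  }
  // Record a host-only cookie set by a response from `host`.
  set(host, name, value) {
    const key = this.hostKey(host);
    if (!this.store.has(key)) this.store.set(key, new Map());
    this.store.get(key).set(name, value);
  }
  // Cookie header value that would accompany a request to `host`.
  cookieHeader(host) {
    const cookies = this.store.get(this.hostKey(host));
    if (!cookies) return "";
    return [...cookies].map(([n, v]) => `${n}=${v}`).join("; ");
  }
}

// One host sets a cookie; return what a later request to another host would carry.
function sentTo(hostKey, settingHost, requestHost) {
  const jar = new CookieJar(hostKey);
  jar.set(settingHost, "session", "constructed-value");
  return jar.cookieHeader(requestHost);
}

// Regression check: list hosts whose dotted and undotted forms share a jar entry.
function trailingDotCollisions(hostKey, hosts) {
  return hosts.filter((h) => hostKey(h) === hostKey(h + "."));
}

const hosts = ["example.com", "www.example.com"]; // constructed sample hosts
console.log("lossy :", sentTo(lossyHostKey, "example.com.", "example.com"));
console.log("strict:", sentTo(strictHostKey, "example.com.", "example.com"));
console.log("collisions:", trailingDotCollisions(lossyHostKey, hosts));
```

With the lossy key the cookie set by `example.com.` accompanies the request to `example.com`; with the strict key the request carries no cookie, and the regression check reports no collisions.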