Mozilla Foundation Security Advisory 2011-24

Title: Cookie isolation error
Impact: Moderate
Announced: June 21, 2011
Reporter: David Chan
Products: Firefox, Thunderbird

Fixed in: Firefox 3.6.18, Thunderbird 3.1.11


Mozilla security researcher David Chan reported that cookies set for (note the trailing dot) and were treated as interchangeable. This is a violation of same-origin conventions and could potentially lead to leakage of cookie data to the wrong party.

This issue did not affect Firefox 4, SeaMonkey 2.1, or newer Mozilla-based products.
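
The isolation failure described above, modeled as an added example (not Mozilla's code and not part of the advisory): a cookie jar whose host key drops a trailing dot hands a cookie to the other spelling of the name, while a jar that keeps the dot in the key does not. The `CookieJar` class, both key functions, `crossHostLeaks` and the hostnames are hypothetical, constructed for illustration.

```javascript
// Simplified model of a host-keyed cookie jar; not Mozilla's implementation.
// All hostnames and cookie values below are constructed sample data.

// Conflating policy: drops a trailing dot, so both spellings share one key.
const conflatingKey = (host) => host.toLowerCase().replace(/\.$/, "");
// Isolating policy: case-folds only; the trailing dot stays part of the key.
const isolatingKey = (host) => host.toLowerCase();

class CookieJar {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.store = new Map(); // host key -> Map(cookie name -> value)
  }
  set(host, name, value) {
    const key = this.keyFn(host);
    if (!this.store.has(key)) this.store.set(key, new Map());
    this.store.get(key).set(name, value);
  }
  // Returns the Cookie header value that would be sent to `host`.
  headerFor(host) {
    const cookies = this.store.get(this.keyFn(host));
    if (!cookies) return "";
    return [...cookies].map(([n, v]) => `${n}=${v}`).join("; ");
  }
}

// Regression check: set a cookie under one spelling of a host and list every
// other spelling that receives it. An empty list means the jar isolates them.
function crossHostLeaks(keyFn, hosts) {
  const leaks = [];
  for (const setter of hosts) {
    const jar = new CookieJar(keyFn);
    jar.set(setter, "session", "constructed-value");
    for (const reader of hosts) {
      if (reader !== setter && jar.headerFor(reader) !== "") {
        leaks.push(`${setter} -> ${reader}`);
      }
    }
  }
  return leaks;
}

const HOSTS = ["shop.example.test", "shop.example.test."]; // constructed
console.log("conflating:", crossHostLeaks(conflatingKey, HOSTS));
console.log("isolating: ", crossHostLeaks(isolatingKey, HOSTS));
```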