6.4

CVE-2005-4685

Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

Data is provided by the National Vulnerability Database (NVD)
MozillaFirefox Version0.8
MozillaFirefox Version0.9
MozillaFirefox Version0.9 Updaterc
MozillaFirefox Version0.9.1
MozillaFirefox Version0.9.2
MozillaFirefox Version0.9.3
MozillaFirefox Version0.10
MozillaFirefox Version0.10.1
MozillaFirefox Version1.0
MozillaFirefox Version1.0.1
MozillaFirefox Version1.0.2
MozillaFirefox Version1.0.3
MozillaFirefox Version1.0.4
MozillaFirefox Version1.0.5
MozillaFirefox Version1.0.6
MozillaFirefox Version1.0.7
MozillaFirefox Version1.5 Updatebeta1
MozillaFirefox Version1.5 Updatebeta2
MozillaFirefox Versionpreview_release
MozillaMozilla Version0.8
MozillaMozilla Version0.9.2
MozillaMozilla Version0.9.2.1
MozillaMozilla Version0.9.3
MozillaMozilla Version0.9.4
MozillaMozilla Version0.9.4.1
MozillaMozilla Version0.9.5
MozillaMozilla Version0.9.6
MozillaMozilla Version0.9.7
MozillaMozilla Version0.9.8
MozillaMozilla Version0.9.9
MozillaMozilla Version0.9.35
MozillaMozilla Version0.9.48
MozillaMozilla Version1.0
MozillaMozilla Version1.0 Updaterc1
MozillaMozilla Version1.0 Updaterc2
MozillaMozilla Version1.0.1
MozillaMozilla Version1.0.2
MozillaMozilla Version1.1
MozillaMozilla Version1.1 Updatealpha
MozillaMozilla Version1.1 Updatebeta
MozillaMozilla Version1.2
MozillaMozilla Version1.2 Updatealpha
MozillaMozilla Version1.2 Updatebeta
MozillaMozilla Version1.2.1
MozillaMozilla Version1.3
MozillaMozilla Version1.3.1
MozillaMozilla Version1.4
MozillaMozilla Version1.4 Updatealpha
MozillaMozilla Version1.4 Updatebeta
MozillaMozilla Version1.4.1
MozillaMozilla Version1.4.2
MozillaMozilla Version1.4.4
MozillaMozilla Version1.5
MozillaMozilla Version1.5.1
MozillaMozilla Version1.6
MozillaMozilla Version1.7
MozillaMozilla Version1.7 Updatealpha
MozillaMozilla Version1.7 Updatebeta
MozillaMozilla Version1.7 Updaterc1
MozillaMozilla Version1.7 Updaterc2
MozillaMozilla Version1.7 Updaterc3
MozillaMozilla Version1.7.1
MozillaMozilla Version1.7.2
MozillaMozilla Version1.7.3
MozillaMozilla Version1.7.4
MozillaMozilla Version1.7.5
MozillaMozilla Version1.7.6
MozillaMozilla Version1.7.7
MozillaMozilla Version1.7.8
MozillaMozilla Version1.7.9
MozillaMozilla Version1.7.10
MozillaMozilla Version1.7.11
MozillaMozilla Version1.7.12
MozillaMozilla Version1.8 Updatealpha1
MozillaMozilla Version1.8 Updatealpha2
MozillaMozilla Version1.8 Updatealpha3
MozillaMozilla Version1.8 Updatealpha4
MozillaMozilla Versionm15
MozillaMozilla Versionm16
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.34% 0.534
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N