Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR 64-bit

Download Firefox ESR 32-bit

Download a different build

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR
Firefox Privacy Notice
Get Mozilla VPN

Mozilla Foundation Security Advisory 2011-24

Cookie isolation error

Announced
June 21, 2011
Reporter
David Chan
Impact
Moderate
Products
Firefox, Thunderbird
Fixed in
  • Firefox 3.6.18
  • Thunderbird 3.1.11

Description

Mozilla security researcher David Chan reported that cookies set for example.com. (note the trailing dot) and example.com were treated as interchangeable. This is a violation of same-origin conventions and could potentially lead to leakage of cookie data to the wrong party.

This issue did not affect Firefox 4, SeaMonkey 2.1, or newer Mozilla-based products.

References