© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
ae6c34d
demo site
(Get the code!)
(In reply to comment #20)
> This exploit depends on the attacker leveraging the way in which cookies are
> used by a site. Imagine simple cases where this could be used to change the
> contents of a virtual shopping cart or something like that.
But the attacker can only manipulate/access the content of a cookie with domain=tld.
As long as all other cookies with a hostname in the domain are save, I'd not
agree calling it a vulnerability in the browser.