(In reply to comment #20)
> This exploit depends on the attacker leveraging the way in which cookies are
> used by a site. Imagine simple cases where this could be used to change the
> contents of a virtual shopping cart or something like that.
But the attacker can only manipulate/access the content of a cookie with domain=tld.
As long as all other cookies with a hostname in the domain are safe, I'd not
agree with calling it a vulnerability in the browser.