Firefox allows websites to set cookies for second-level domain hierarchies where this is inappropriate (e.g., allowing somedomain.co.uk to set cookies for ".co.uk"). This may be a potential privacy and security risk if a website stores confidential information in such a cookie and if this would allow other, malicious websites (e.g., otherdomain.co.uk in this instance) to gain access to this data.
An example of a website setting such cookies for ".co.uk" is http://ybs.co.uk/ (NB: not www...).
Observed in Firefox 1.5.0.2 (dapper) and also in 1.0.x (breezy).
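
The scoping problem described in this report, as an added example that is not part of the original report and is not Firefox's code: a cookie-domain acceptance check that refuses a Domain attribute naming a registry-controlled suffix, plus a helper showing which hosts a given scope reaches. The function names are hypothetical and the suffix set is a small constructed sample, not a complete list.

```javascript
// Constructed, deliberately tiny suffix set for illustration only.
// A real client would consult a complete, maintained suffix list.
const PUBLIC_SUFFIXES = new Set(["uk", "co.uk", "org.uk", "com"]);

// Lowercase a host or Domain attribute and drop one leading dot.
function normalise(name) {
  return name.trim().toLowerCase().replace(/^\./, "");
}

// Domain-match: the host equals the domain or is a subdomain of it.
function domainMatches(host, domain) {
  const h = normalise(host);
  const d = normalise(domain);
  return h === d || h.endsWith("." + d);
}

// Decide whether a cookie carrying domainAttr may be stored when it was
// set by requestHost. Returns { accepted, reason }.
function checkCookieDomain(requestHost, domainAttr) {
  const host = normalise(requestHost);
  const domain = normalise(domainAttr);
  if (domain === "") {
    return { accepted: true, reason: "no Domain attribute: host-only cookie" };
  }
  if (!domainMatches(host, domain)) {
    return { accepted: false, reason: "setting host is outside the requested domain" };
  }
  // Simplification: a suffix-wide scope is allowed only when the host is
  // the suffix itself; every other host is refused.
  if (PUBLIC_SUFFIXES.has(domain) && host !== domain) {
    return { accepted: false, reason: "domain is a shared suffix, not a registrable domain" };
  }
  return { accepted: true, reason: "ok" };
}

// Which of the given hosts would be sent a cookie scoped to domainAttr.
function hostsReceiving(domainAttr, hosts) {
  return hosts.filter((h) => domainMatches(h, domainAttr));
}

// Hosts taken from the report, plus one constructed unrelated host.
const sampleHosts = ["somedomain.co.uk", "otherdomain.co.uk", "example.com"];
console.log(checkCookieDomain("somedomain.co.uk", ".co.uk"));
console.log(checkCookieDomain("somedomain.co.uk", ".somedomain.co.uk"));
console.log(hostsReceiving(".co.uk", sampleHosts));
```

Without the suffix check, the ".co.uk" scope would domain-match both somedomain.co.uk and otherdomain.co.uk, which is the exposure the report describes.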