CVE-2004-0871

CVE Database · CVE-2004-0871

CVE-2004-0871

· N/AModified

CVSS v3.1

N/A

EPSS

1.14%

Published

Sep 16, 2004

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

Affected Products (1)

mozilla · mozillavulnerable

References (8)

http://securityfocus.com/archive/1/375407

Vendor Advisory

http://securitytracker.com/id?1011331

http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17417

http://securityfocus.com/archive/1/375407

Vendor Advisory

http://securitytracker.com/id?1011331

http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17417

KEV Catalog EPSS Scores Vendors All CVEs