|Description||Mozilla Firefox 1.5.x before 22.214.171.124 and 2.x before 126.96.36.199, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|References||DSA-1300-1, DSA-1306-1, DSA-1308-1, DTSA-45-1, DTSA-47-1, DTSA-51-1|
|NVD severity||medium (attack range: remote)|
The information below is based on the following data on fixed versions.