CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
96.9%
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey
1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via
(1) a large cookie path parameter, which triggers memory consumption, or
(2) an internal delimiter within cookie path or name values, which could
trigger a misinterpretation of cookie data, aka “Path Abuse in Cookies.”