PT-2011-1285 · Mozilla · Firefox

Published: 2011-08-09 · Updated: 2012-08-02 · CVE-2008-7293

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 4

Description: The issue allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response. This is related to the lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, which can lead to a "cookie forcing" issue.

Recommendations: For versions prior to 4, update to version 4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive cookies to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related identifiers

CVE-2008-7293

Affected products

Firefox