NoScript mitigates HTTPS cookie hijacking attacks

September 11, 2008 – 8:34 AM

The invaluable NoScript for Firefox plug-in just got a tad better.

According to Giorgio Maone, the developer behind the popular browser extension, a new experimental feature called “Forced Secure Cookies” has been added to NoScript v1.8.0.5 to mitigate the HTTPS cookie hijacking attack vector discussed at DEFCON 16 last month.

Source:
http://blogs.zdnet.com/security/?p=1882

Related posts:

• Surf Jack - HTTPS will not save you
• New Tool to Automate Cookie Stealing from Gmail, Others
• Session Hijacking in Windows Networks
• Vulnerability in Google spreadsheets allows cookie stealing
• WordPress 2.5 Cookie Forging Explained