Cookie exploit could also affect Safari

It appears that Safari may be vulnerable to the same exploit that can be used to steal cookies with a specific path set, and can be used to steal cookies with the secure flag set, originally reported as a flaw in Mozilla and Netscape 6.x.

A posting to the BugTraq message boards states "All the versions of Safari from ver. 1.0 (v85) through 1.1 (v100.1) are also vulnerable. Security Update 2003-11-19 is not the mitigation for this vuln.

"For temporary solution, Hetima Computer (has a) fix-patch. CookieMonsterFix

"Although this page is mainly written in Japanese, scroll down to the bottom of page and read the 'Description in English.' Use it at your own risk.

Feedback? Late-breakers@macfixit.com.

Resources