August 2, 2007 - 12:24 UTC - Tags: HttpOnly cookie security firefox
The new version of Firefox supports HttpOnly cookies. Unfortunately, as RSnake has written about
here, the implementation has a vulnerability: calling getAllResponseHeaders() on an XMLHttpRequest object reveals the cookie.
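
As an added example (not code from the original post), here is a regression check a tester could run over the string that getAllResponseHeaders() returns, to confirm that a browser hides HttpOnly cookies from script. The function names and the sample header blocks are constructed for illustration.

```javascript
// Added example: scan the string returned by XMLHttpRequest.getAllResponseHeaders()
// for Set-Cookie headers that should have been hidden from script.

// Parse a raw CRLF-separated header block into [name, value] pairs.
function parseHeaderBlock(raw) {
  return raw
    .split(/\r?\n/)
    .map((line) => {
      const idx = line.indexOf(":");
      if (idx <= 0) return null; // skip blank or malformed lines
      return [line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim()];
    })
    .filter(Boolean);
}

// Return the cookies visible in the header block, noting which carry HttpOnly.
function findExposedCookies(raw) {
  const exposed = [];
  for (const [name, value] of parseHeaderBlock(raw)) {
    if (name !== "set-cookie" && name !== "set-cookie2") continue;
    const [pair, ...attrs] = value.split(";").map((s) => s.trim());
    const eq = pair.indexOf("=");
    exposed.push({
      cookie: eq === -1 ? pair : pair.slice(0, eq),
      httpOnly: attrs.some((a) => a.toLowerCase() === "httponly"),
    });
  }
  return exposed;
}

// A browser passes the check when no HttpOnly cookie is readable from script.
function leaksHttpOnly(raw) {
  return findExposedCookies(raw).some((c) => c.httpOnly);
}

// Constructed sample: what a leaking browser would hand back to script.
const LEAKY = [
  "Content-Type: text/html",
  "Set-Cookie: SESSIONID=constructed-value; path=/; HttpOnly",
  "Set-Cookie: theme=dark; path=/",
  "",
].join("\r\n");

// Constructed sample: the same response with Set-Cookie filtered out.
const FILTERED = "Content-Type: text/html\r\n";

// In a browser test page: leaksHttpOnly(xhr.getAllResponseHeaders())
```

A result of `true` from `leaksHttpOnly` means the browser under test still exposes the protected cookie through the response headers.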