First published: Tue Sep 06 2016(Updated: )
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opera Opera | ||
Apple Safari | ||
Mozilla Firefox | ||
Microsoft Edge | ||
Microsoft Internet Explorer | ||
Google Chrome |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.