More than a thousand cookies of users of the popular Mozilla Firefox browser were freely available вЂ” on the GitHub IT products storage and joint development forum.
According to experts, through someone else's cookies, attackers are theoretically able to access sites under user accounts without entering their login and password. The data was found through a special search query on GitHub вЂ” specialists identified more than 4.5 thousand such files.
Cookies. SQLite type data is placed in the Firefox profile directory. Databases are used to store cookies between browser sessions. Thanks to these files, users do not need to enter logins and passwords on many sites every time they start the browser.
However, files can be used not only in Firefox but also in other browsers. English cybersecurity researcher Aidan Marlin was the first to report on the availability of these files.
Marlin noticed that GitHub refused to influence the situation in any way, including not excluding files from search results. The specialist concluded that the files, once in the hands of scammers, will allow bypassing two-factor authentication.
Earlier it was reported that the new version of the Google Chrome 96 browser caused a malfunction in the work of services such as Twitter, Discord, and Instagram.