Posted by Tom Keetch on Mar 29
Adobe have yet to set a fix date for this cookie forcing issue I found
in their Omniture product. If the affected "plug-in" is installed on a
HTTPS protected site, then by setting a malicious cookie for the
insecure domain, it is possible to hijack secure connections to the
This issue would be exploitable by a malicious WiFi access point.
Chris Evans at…