Common Vulnerabilities and Exposures assigned an identifier CVE-2008-7293 to
the following vulnerability:
Reference: http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
Mozilla Firefox before 4 cannot properly restrict modifications to
cookies established in HTTPS sessions, which allows man-in-the-middle
attackers to overwrite or delete arbitrary cookies via a Set-Cookie
header in an HTTP response, related to lack of the HTTP Strict
Transport Security (HSTS) includeSubDomains feature, aka a "cookie
The only way I know of to correct this is to upgrade to Firefox 4 or newer.
This issue was addressed in Red Hat Enterprise Linux 5 and 6 by rebasing Firefox to 10.0.0 ESR.
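
The CVE text ties the issue to the HSTS includeSubDomains feature. The following is an added example, not part of the original bug report or of Firefox: a check of whether a site's `Strict-Transport-Security` header value actually enables includeSubDomains, following the header rules in RFC 6797 section 6.1. The function names `parse_hsts` and `covers_subdomains` are hypothetical, and the header strings in the test are constructed.

```python
import re

# RFC 7230 "token" characters, used for directive names.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value.

    Returns {lower-cased directive name: value or None}, or None when the
    header is malformed and must be ignored as a whole.
    Simplification: quoted values are assumed not to contain ';'.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not _TOKEN.match(name) or name in directives:
            return None  # bad name, or a directive given more than once
        if sep:
            val = val.strip()
            if len(val) >= 2 and val[0] == val[-1] == '"':
                val = val[1:-1]  # quoted-string form, e.g. max-age="600"
        directives[name] = val if sep else None
    return directives


def covers_subdomains(value):
    """True only if the policy is active and applies to subdomains."""
    d = parse_hsts(value)
    if d is None:
        return False
    max_age = d.get("max-age")
    # max-age is required; max-age=0 tells the browser to drop the policy.
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return False
    if int(max_age) == 0:
        return False
    # includeSubDomains is a valueless directive.
    return "includesubdomains" in d and d["includesubdomains"] is None
```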