CVE-2023-4055

Name
CVE-2023-4055
Description
When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://www.mozilla.org/security/advisories/mfsa2023-30/
MISC https://www.mozilla.org/security/advisories/mfsa2023-31/
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=1782561
MISC https://www.mozilla.org/security/advisories/mfsa2023-29/
MISC https://www.debian.org/security/2023/dsa-5464
MISC https://www.debian.org/security/2023/dsa-5469
MISC https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
MISC https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* firefox >= None < 116.0
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* firefox_esr >= 115.0 < 115.1
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* firefox_esr >= 102.0 < 102.14

Vulnerable and fixed packages

Source package Branch Version Maintainer Status