CVE-2023-4055

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

History

09 Aug 2023, 21:15

Type Values Removed Values Added
References
  • (MISC) https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html -

08 Aug 2023, 12:15

Type Values Removed Values Added
References
  • (MISC) https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html -

07 Aug 2023, 14:58

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1782561 - (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1782561 - Issue Tracking, Permissions Required
References (MISC) https://www.mozilla.org/security/advisories/mfsa2023-29/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2023-29/ - Vendor Advisory
References (MISC) https://www.mozilla.org/security/advisories/mfsa2023-31/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2023-31/ - Vendor Advisory
References (MISC) https://www.debian.org/security/2023/dsa-5464 - (MISC) https://www.debian.org/security/2023/dsa-5464 - Third Party Advisory
References (MISC) https://www.mozilla.org/security/advisories/mfsa2023-30/ - (MISC) https://www.mozilla.org/security/advisories/mfsa2023-30/ - Vendor Advisory
References (MISC) https://www.debian.org/security/2023/dsa-5469 - (MISC) https://www.debian.org/security/2023/dsa-5469 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Mozilla firefox Esr
Debian debian Linux
Mozilla
Mozilla firefox
Debian

07 Aug 2023, 08:15

Type Values Removed Values Added
References
  • (MISC) https://www.debian.org/security/2023/dsa-5469 -

04 Aug 2023, 04:15

Type Values Removed Values Added
References
  • (MISC) https://www.debian.org/security/2023/dsa-5464 -

01 Aug 2023, 16:43

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-01 16:15

Updated : 2023-12-10 15:14


NVD link : CVE-2023-4055

Mitre link : CVE-2023-4055

CVE.ORG link : CVE-2023-4055


JSON object : View

Products Affected

mozilla

  • firefox
  • firefox_esr

debian

  • debian_linux