When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1782561 | Issue Tracking Permissions Required |
https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html | |
https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html | |
https://www.debian.org/security/2023/dsa-5464 | Third Party Advisory |
https://www.debian.org/security/2023/dsa-5469 | Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-29/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-30/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-31/ | Vendor Advisory |
Configurations
History
09 Aug 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Aug 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Aug 2023, 14:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo | |
References | (MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1782561 - Issue Tracking, Permissions Required | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2023-29/ - Vendor Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2023-31/ - Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2023/dsa-5464 - Third Party Advisory | |
References | (MISC) https://www.mozilla.org/security/advisories/mfsa2023-30/ - Vendor Advisory | |
References | (MISC) https://www.debian.org/security/2023/dsa-5469 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Mozilla firefox Esr
Debian debian Linux Mozilla Mozilla firefox Debian |
07 Aug 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Aug 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Aug 2023, 16:43
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-01 16:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-4055
Mitre link : CVE-2023-4055
CVE.ORG link : CVE-2023-4055
JSON object : View
Products Affected
mozilla
- firefox
- firefox_esr
debian
- debian_linux
CWE