When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1782561 | Issue Tracking Permissions Required |
https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html | |
https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html | |
https://www.debian.org/security/2023/dsa-5464 | Third Party Advisory |
https://www.debian.org/security/2023/dsa-5469 | Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-29/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-30/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-31/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2023-08-01T15:01:20.220Z
Updated: 2023-08-01T15:01:20.220Z
Reserved: 2023-08-01T15:00:27.480Z
Link: CVE-2023-4055
JSON object: View
NVD Information
Status : Modified
Published: 2023-08-01T16:15:09.967
Modified: 2023-08-09T21:15:11.820
Link: CVE-2023-4055
JSON object: View
Redhat Information
No data.
CWE