Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-4055

Опубликовано: 01 авг. 2023
Источник: debian
EPSS Низкий

Описание

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed116.0-1package
firefox-esrfixed115.1.0esr-1package
thunderbirdfixed1:115.1.0-1package

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4055

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4055

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4055

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4055

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4055

EPSS

Процентиль: 50%
0.00271
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-4055

CVSS3: 7.5
ubuntu
больше 2 лет назад

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

redhat логотип

CVE-2023-4055

CVSS3: 7.5
redhat
больше 2 лет назад

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

nvd логотип

CVE-2023-4055

CVSS3: 7.5
nvd
больше 2 лет назад

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

github логотип

GHSA-38vw-jr6f-3c23

CVSS3: 7.5
github
больше 2 лет назад

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

fstec логотип

BDU:2023-04440

CVSS3: 4.3
fstec
больше 2 лет назад

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с ошибками управления состоянием в результате превышения количества файлов cookie в document.cookie, позволяющая нарушителю оказать влияние на целостность защищаемой информации

EPSS

Процентиль: 50%
0.00271
Низкий