CVE-2025-8037

Опубликовано: 22 июл. 2025

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

Ссылки

https://bugzilla.mozilla.org/show_bug.cgi?id=1964767
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2025-56/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-59/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-61/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-63/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*

Версия до 140.1 (исключая)

cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*

Версия до 141.0 (исключая)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*

Версия до 140.1 (исключая)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*

Версия до 141.0 (исключая)

EPSS

Процентиль: 3%

0.00018

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-614

Связанные уязвимости

CVE-2025-8037

CVSS3: 9.1

ubuntu

12 дней назад

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

CVE-2025-8037

CVSS3: 6.1

redhat

12 дней назад

CVE-2025-8037

CVSS3: 9.1

debian

12 дней назад

Setting a nameless cookie with an equals sign in the value shadowed ot ...

GHSA-fw75-5frq-vxhg

CVSS3: 9.1

github

12 дней назад

SUSE-SU-2025:02531-1

suse-cvrf

6 дней назад

Security update for MozillaFirefox

EPSS

Процентиль: 3%

0.00018

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-614