CVE-2018-5114

Summary

If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 58affected

Weaknesses

  • The old value of a cookie changed to HttpOnly remains accessible to scripts

ADP Enrichment

CVE Program Container

Additional References

References