CVE-2023-3482

Summary

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 115affected

Weaknesses

  • Block all cookies bypass for localstorage

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References