CVE-2023-4055

Summary

When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 116affected
MozillaFirefox ESRunspecified < 102.14affected
MozillaFirefox ESRunspecified < 115.1affected

Weaknesses

  • Cookie jar overflow caused unexpected cookie jar state

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References