CVE-2024-5699

Summary

In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 127affected

Weaknesses

  • Cookie prefixes not treated as case-sensitive

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References