CVE-2023-4055

Published: Aug 1, 2023Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Affected (5)

Products: Mozilla: Firefox · Debian: Debian Linux

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 116.0
Mozilla Firefox	From 102.0 to 102.14
Mozilla Firefox	From 115.0 to 115.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 12.0

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (16)

https://bugzilla.mozilla.org/show_bug.cgi?id=1782561

Source: security@mozilla.org

Issue TrackingPermissions Required

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

Source: security@mozilla.org

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

Source: security@mozilla.org

https://www.debian.org/security/2023/dsa-5464

Source: security@mozilla.org

Third Party Advisory

https://www.debian.org/security/2023/dsa-5469

Source: security@mozilla.org

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2023-29/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2023-30/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2023-31/

Source: security@mozilla.org

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1782561

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions Required

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2023/dsa-5464

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2023/dsa-5469

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2023-29/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2023-30/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2023-31/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.