CVE-2024-5699

Published: Jun 11, 2024Modified: Apr 4, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 127.0

Related CWEs

Improper Handling of Case Sensitivity

The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

References (4)

https://bugzilla.mozilla.org/show_bug.cgi?id=1891349

Source: security@mozilla.org

ExploitIssue Tracking

https://www.mozilla.org/security/advisories/mfsa2024-25/

Source: security@mozilla.org

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1891349

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://www.mozilla.org/security/advisories/mfsa2024-25/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.