CVE-2023-4055 Vulnerability Details

  /     /     /  

CVE-2023-4055 Metadata Quick Info

CVE Published: 01/08/2023 | CVE Updated: 22/10/2024 | CVE Year: 2023
Source: mozilla | Vendor: Mozilla | Product: Firefox
Status : PUBLISHED

---

CVE-2023-4055 Description

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Cookie jar overflow caused unexpected cookie jar state
Source: Mozilla

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).