Lucene search
HistoryJun 11, 2024 - 1:15 p.m.
CVE-2024-5699
violation of spec
cookie prefixes
ignored
case-insensitive comparison
browser behavior
vulnerability
firefox < 127
In violation of spec, cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127.
Affected configurations
Node
mozillafirefoxRange≤127
CNA Affected
[
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "127",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cvelist
cvelist
CVE-2024-5699
2024-06-11 12:40:18
wolfi
wolfi
CVE-2024-5699 vulnerabilities
2024-06-28 15:21:31
nvd
nvd
CVE-2024-5699
2024-06-11 13:15:51
ubuntucve
ubuntucve
CVE-2024-5699
2024-06-11 00:00:00
debiancve
debiancve
CVE-2024-5699
2024-06-11 13:15:51
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2024-25) - Linux
2024-06-11 00:00:00
Mozilla Firefox Security Update (mfsa_2024-23_2024-26) - Windows
2024-06-13 00:00:00
Mozilla Firefox Security Update (mfsa_2024-23_2024-26) - Mac OS X
2024-06-13 00:00:00
nessus
nessus
Mozilla Firefox < 127.0
2024-06-11 00:00:00
Fedora 40 : firefox (2024-4a22a9cd11)
2024-06-12 00:00:00
Mozilla Firefox < 127.0
2024-06-11 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 127 — Mozilla
2024-06-11 00:00:00
kaspersky
kaspersky
KLA68921 Multiple vulnerabilities in Mozilla Firefox
2024-06-11 00:00:00