2 matches found
CVE-2025-4919
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...
The vulnerabilities of the Firefox browser, Firefox ESR, and the Thunderbird email client allow attackers to bypass the secure context for cookies with prefixes __Host and __Secure, and re-record these cookies.
The vulnerability of Firefox browsers, Firefox ESR, and the email client Thunderbird lies in the use of cookies with prefixes Host and Secure, without validation or verification of their integrity. Exploiting this vulnerability allows an attacker to bypass the security restrictions for cookies wi...