7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
33.2%
When the number of cookies per domain was exceeded in document.cookie
,
the actual cookie jar sent to the host was no longer consistent with
expected cookie jar state. This could have caused requests to be sent with
some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR
< 102.14, and Firefox ESR < 115.1.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs38 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs68 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs78 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs91 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | thunderbird | < 1:102.15.0+build1-0ubuntu0.20.04.1 | UNKNOWN |
bugzilla.mozilla.org/show_bug.cgi?id=1782561
launchpad.net/bugs/cve/CVE-2023-4055
nvd.nist.gov/vuln/detail/CVE-2023-4055
security-tracker.debian.org/tracker/CVE-2023-4055
ubuntu.com/security/notices/USN-6267-1
ubuntu.com/security/notices/USN-6333-1
www.cve.org/CVERecord?id=CVE-2023-4055
www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4055
www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4055
www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4055
www.mozilla.org/security/advisories/mfsa2023-29/
www.mozilla.org/security/advisories/mfsa2023-30/
www.mozilla.org/security/advisories/mfsa2023-31/