7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
33.2%
firefox and thunderbird are vulnerable to Authorization Bypasses. The vulnerability occurs when the number of cookies per domain is exceeded in document.cookie
. The actual cookie jar sent to the host is no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. An attacker could exploit this vulnerability by creating a malicious website that could cause Firefox to send requests with some cookies missing, resulting in authentication bypass or to use the stolen cookies to be used to access other websites.
bugzilla.mozilla.org/show_bug.cgi?id=1782561
lists.debian.org/debian-lts-announce/2023/08/msg00008.html
lists.debian.org/debian-lts-announce/2023/08/msg00010.html
security-tracker.debian.org/tracker/CVE-2023-4055
www.debian.org/security/2023/dsa-5464
www.debian.org/security/2023/dsa-5469
www.mozilla.org/security/advisories/mfsa2023-29/
www.mozilla.org/security/advisories/mfsa2023-30/
www.mozilla.org/security/advisories/mfsa2023-31/