CVE-2023-4055

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-4055

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4055.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-4055

Downstream

DEBIAN-CVE-2023-4055

DLA-3521-1

DLA-3523-1

DSA-5464-1

DSA-5469-1

OESA-2023-1671

OESA-2023-1673

OESA-2023-1674

RHSA-2023:4460

RHSA-2023:4461

RHSA-2023:4462

RHSA-2023:4463

RHSA-2023:4464

RHSA-2023:4465

RHSA-2023:4468

RHSA-2023:4469

RHSA-2023:4492

RHSA-2023:4493

RHSA-2023:4494

RHSA-2023:4495

RHSA-2023:4496

RHSA-2023:4497

RHSA-2023:4499

RHSA-2023:4500

SUSE-SU-2023:3161-1

SUSE-SU-2023:3162-1

SUSE-SU-2023:3163-1

SUSE-SU-2023:3228-1

UBUNTU-CVE-2023-4055

USN-6267-1

USN-6333-1

openSUSE-SU-2024:13091-1

openSUSE-SU-2024:13124-1

openSUSE-SU-2024:13133-1

openSUSE-SU-2024:14572-1

Related

Published

2023-08-01T16:15:09Z

Modified

2025-08-09T20:01:26Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

References

Affected packages