CVE-2024-1551

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-1551
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1551.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-1551
Downstream
Related
Published
2024-02-20T14:15:08Z
Modified
2025-08-09T20:01:27Z
Summary
[none]
Details

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

References

Affected packages