CVE-2023-29547

11 documents8 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 57.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla FirefoxMozilla Firefox FOR AndroidMozilla Focus FOR Android+2 more
Timeline
PublishedJun 2
Latest updateJun 13

Description

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

CVEListV5mozilla/firefox_for_androidunspecified112
CVEListV5mozilla/firefoxunspecified112
NVDmozilla/firefox< 112.0
NVDmozilla/firefox_esr< 102.10
CVEListV5mozilla/focus_for_androidunspecified112

🔴Vulnerability Details

6
CVEList
CVE-2023-29547: When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently fa2023-06-02
GHSA
GHSA-3hwv-cmwg-vxxj: When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently fa2023-06-02
OSV
firefox regressions2023-04-26
OSV
firefox regressions2023-04-18
OSV
firefox vulnerabilities2023-04-12

📋Vendor Advisories

4
Microsoft
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization i2023-06-13
Ubuntu
Firefox vulnerabilities2023-04-12
Debian
CVE-2023-29547: firefox - When a secure cookie existed in the Firefox cookie jar an insecure cookie for th...2023
Mozilla
Mozilla Foundation Security Advisory 2023-13: CVE-2023-29547
CVE-2023-29547 (MEDIUM CVSS 6.5) | When a secure cookie existed in the | cvebase.io