CVE-2023-5723Mozilla Firefox vulnerability

10 documents7 sources
Severity
5.3MEDIUMNVD
OSV4.3
EPSS
0.2%
top 55.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedOct 25
Latest updateNov 14

Description

An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

CVEListV5mozilla/firefoxunspecified119
NVDmozilla/firefox< 119.0
Ubuntumozilla/firefox< 119.0+build2-0ubuntu0.20.04.1+1

🔴Vulnerability Details

5
OSV
firefox regressions2023-11-14
OSV
firefox vulnerabilities2023-10-30
OSV
CVE-2023-5723: An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document2023-10-25
GHSA
GHSA-7mjf-v629-m8hm: An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document2023-10-25
CVEList
CVE-2023-5723: An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document2023-10-24

📋Vendor Advisories

4
Ubuntu
Firefox regressions2023-11-14
Ubuntu
Firefox vulnerabilities2023-10-30
Debian
CVE-2023-5723: firefox - An attacker with temporary script access to a site could have set a cookie conta...2023
Mozilla
Mozilla Foundation Security Advisory 2023-45: CVE-2023-5723
CVE-2023-5723 — Mozilla Firefox vulnerability | cvebase