CVE-2025-8037: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in Mozilla Firefox

Severity: 9.1 CRITICAL (NVD)
EPSS: 0.0% (top 84.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 22; latest update Feb 2

Description

Setting a nameless cookie with an equals sign in the value shadowed other cookies, even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 | Impact: 5.2

Affected Packages (3 packages)

NVD: mozilla/firefox < 140.1 (+1)
NVD: mozilla/thunderbird < 140.1 (+1)
Ubuntu: mozilla/thunderbird < 1:140.7.1+build1-0ubuntu0.22.04.1

Vulnerability Details (3)

OSV: CVE-2025-8037: Setting a nameless cookie with an equals sign in the value shadowed other cookies (2025-07-22)
GHSA: GHSA-fw75-5frq-vxhg: Setting a nameless cookie with an equals sign in the value shadowed other cookies (2025-07-22)
CVEList: Nameless cookies shadow secure cookies (2025-07-22)

Vendor Advisories (8)

Ubuntu: Thunderbird vulnerabilities (2026-02-02)
Red Hat: firefox: thunderbird: Nameless cookies shadow secure cookies (2025-07-22)
Debian: CVE-2025-8037: firefox - Setting a nameless cookie with an equals sign in the value shadowed other cookie... (2025)
Microsoft: ppp decapsulator can be convinced to allocate a large amount of memory (2020-11-10)
Mozilla: Mozilla Foundation Security Advisory 2025-59: CVE-2025-8037