CVE-2023-4055
7.5
HIGH
CVSS 3.1
EPSS 0.37%
Description
When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
How to fix CVE-2023-4055
To remediate CVE-2023-4055, upgrade the affected package to a fixed version below.
- —upgrade to 102.14.0esr-1~deb11u1 or later
- —upgrade to 1:102.14.0-1~deb11u1 or later
Is CVE-2023-4055 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 102.14.0esr-1~deb11u1
- from 0, < 1:102.14.0-1~deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |