CVE-2023-4055 Information

Description

When the number of cookies per domain was exceeded in document.cookie the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116 Firefox ESR < 102.14 and Firefox ESR < 115.1.

Reference

https://www.mozilla.org/security/advisories/mfsa2023-30/ https://www.mozilla.org/security/advisories/mfsa2023-31/ https://bugzilla.mozilla.org/show_bug.cgi?id=1782561 https://www.mozilla.org/security/advisories/mfsa2023-29/