DEBIAN-CVE-2023-4055

DEBIAN-CVE-2023-4055 PUBLISHED CVSS 7.5 HIGH

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:12	firefox-esr	102.13.0esr-1, 102.13.0esr-1~deb11u1, 102.13.0esr-1~deb12u1
Debian:13	thunderbird	0, 0, 0
Debian:14	firefox-esr	0, 0, 0
Debian:12	thunderbird	102.13.0-1, 102.13.1-1, 102.13.1-1
Debian:11	firefox-esr	91.8.0esr-1~deb9u1, 91.9.0esr-1, 91.9.0esr-1~deb10u1
Debian:13	firefox-esr	0, 0, 0
Debian:14	thunderbird	0, 0, 0
Debian:11	thunderbird	1:91.7.0-2, 1:102.0.1-1, 1:102.0.2-1

Timeline

Aug 1, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-4055 advisory

Open in Interactive Console →