When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 116.0 (excluding) |
| Firefox | Mozilla | 102.0 (including) | 102.14 (excluding) |
| Firefox | Mozilla | 115.0 (including) | 115.1 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | firefox-0:102.14.0-1.el7_9 | * |
| Red Hat Enterprise Linux 7 | RedHat | thunderbird-0:102.14.0-1.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | firefox-0:102.14.0-1.el8_8 | * |
| Red Hat Enterprise Linux 8 | RedHat | thunderbird-0:102.14.0-1.el8_8 | * |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | RedHat | firefox-0:102.14.0-1.el8_1 | * |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | RedHat | thunderbird-0:102.14.0-1.el8_1 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | firefox-0:102.14.0-1.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | thunderbird-0:102.14.0-1.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | firefox-0:102.14.0-1.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | thunderbird-0:102.14.0-1.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | RedHat | firefox-0:102.14.0-1.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | RedHat | thunderbird-0:102.14.0-1.el8_2 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | firefox-0:102.14.0-1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | thunderbird-0:102.14.0-1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | firefox-0:102.14.0-1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | thunderbird-0:102.14.0-1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | firefox-0:102.14.0-1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | thunderbird-0:102.14.0-1.el8_4 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | firefox-0:102.14.0-1.el8_6 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | thunderbird-0:102.14.0-1.el8_6 | * |
| Red Hat Enterprise Linux 9 | RedHat | firefox-0:102.14.0-1.el9_2 | * |
| Red Hat Enterprise Linux 9 | RedHat | thunderbird-0:102.14.0-1.el9_2 | * |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | firefox-0:102.14.0-1.el9_0 | * |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | thunderbird-0:102.14.0-1.el9_0 | * |
| Firefox | Ubuntu | bionic | * |
| Firefox | Ubuntu | trusty | * |
| Firefox | Ubuntu | upstream | * |
| Firefox | Ubuntu | xenial | * |
| Mozjs102 | Ubuntu | devel | * |
| Mozjs102 | Ubuntu | esm-apps/noble | * |
| Mozjs102 | Ubuntu | jammy | * |
| Mozjs102 | Ubuntu | lunar | * |
| Mozjs102 | Ubuntu | mantic | * |
| Mozjs102 | Ubuntu | noble | * |
| Mozjs102 | Ubuntu | upstream | * |
| Mozjs38 | Ubuntu | bionic | * |
| Mozjs38 | Ubuntu | esm-apps/bionic | * |
| Mozjs38 | Ubuntu | upstream | * |
| Mozjs52 | Ubuntu | bionic | * |
| Mozjs52 | Ubuntu | esm-apps/focal | * |
| Mozjs52 | Ubuntu | esm-infra/bionic | * |
| Mozjs52 | Ubuntu | focal | * |
| Mozjs52 | Ubuntu | upstream | * |
| Mozjs68 | Ubuntu | esm-infra/focal | * |
| Mozjs68 | Ubuntu | focal | * |
| Mozjs68 | Ubuntu | upstream | * |
| Mozjs78 | Ubuntu | esm-apps/jammy | * |
| Mozjs78 | Ubuntu | jammy | * |
| Mozjs78 | Ubuntu | lunar | * |
| Mozjs78 | Ubuntu | upstream | * |
| Mozjs91 | Ubuntu | jammy | * |
| Mozjs91 | Ubuntu | upstream | * |
| Thunderbird | Ubuntu | bionic | * |
| Thunderbird | Ubuntu | devel | * |
| Thunderbird | Ubuntu | focal | * |
| Thunderbird | Ubuntu | jammy | * |
| Thunderbird | Ubuntu | lunar | * |
| Thunderbird | Ubuntu | mantic | * |
| Thunderbird | Ubuntu | noble | * |
| Thunderbird | Ubuntu | trusty | * |
| Thunderbird | Ubuntu | upstream | * |
| Thunderbird | Ubuntu | xenial | * |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1782561
- https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
- https://www.debian.org/security/2023/dsa-5464
- https://www.debian.org/security/2023/dsa-5469
- https://www.mozilla.org/security/advisories/mfsa2023-29/
- https://www.mozilla.org/security/advisories/mfsa2023-30/
- https://www.mozilla.org/security/advisories/mfsa2023-31/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1782561
- https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
- https://www.debian.org/security/2023/dsa-5464
- https://www.debian.org/security/2023/dsa-5469
- https://www.mozilla.org/security/advisories/mfsa2023-29/
- https://www.mozilla.org/security/advisories/mfsa2023-30/
- https://www.mozilla.org/security/advisories/mfsa2023-31/