High severity7.5NVD Advisory· Published Aug 1, 2023· Updated Jun 17, 2026
CVE-2023-4055
CVE-2023-4055
Description
When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
35<116+ 2 more
- (no CPE)range: <116
- (no CPE)range: unspecified
- (no CPE)range: unspecified
- osv-coords32 versionspkg:apk/chainguard/firefox-esrpkg:rpm/almalinux/firefoxpkg:rpm/almalinux/firefox-x11pkg:rpm/almalinux/thunderbirdpkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweedpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP4pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5
< 116.0-r0+ 31 more
- (no CPE)range: < 116.0-r0
- (no CPE)range: < 102.14.0-1.el9_2.alma
- (no CPE)range: < 102.14.0-1.el9_2.alma
- (no CPE)range: < 102.14.0-1.el8_8.alma
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 115.1.0-150200.152.99.1
- (no CPE)range: < 115.1.0-150200.152.99.1
- (no CPE)range: < 116.0.2-1.1
- (no CPE)range: < 115.1.0-150200.8.127.1
- (no CPE)range: < 115.1.0-150200.8.127.1
- (no CPE)range: < 102.14.0-1.1
- (no CPE)range: < 115.1.0-150200.152.99.1
- (no CPE)range: < 115.1.0-150000.150.97.1
- (no CPE)range: < 115.1.0-150200.152.99.1
- (no CPE)range: < 115.1.0-150200.152.99.1
- (no CPE)range: < 115.1.0-150200.152.99.1
- (no CPE)range: < 115.1.0-150200.152.99.1
- (no CPE)range: < 115.1.0-150200.152.99.1
- (no CPE)range: < 115.1.0-112.173.1
- (no CPE)range: < 115.1.0-112.173.1
- (no CPE)range: < 115.1.0-150000.150.97.1
- (no CPE)range: < 115.1.0-150200.152.99.1
- (no CPE)range: < 115.1.0-150200.152.99.1
- (no CPE)range: < 115.1.0-112.173.1
- (no CPE)range: < 115.1.0-150000.150.97.1
- (no CPE)range: < 115.1.0-150200.152.99.1
- (no CPE)range: < 115.1.0-150200.152.99.1
- (no CPE)range: < 115.1.0-112.173.1
- (no CPE)range: < 115.1.0-150200.8.127.1
- (no CPE)range: < 115.1.0-150200.8.127.1
- (no CPE)range: < 115.1.0-150200.8.127.1
- (no CPE)range: < 115.1.0-150200.8.127.1
Patches
Vulnerability mechanics
References
8- www.debian.org/security/2023/dsa-5464nvdThird Party Advisory
- www.debian.org/security/2023/dsa-5469nvdThird Party Advisory
- www.mozilla.org/security/advisories/mfsa2023-29/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2023-30/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2023-31/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPermissions Required
- lists.debian.org/debian-lts-announce/2023/08/msg00008.htmlnvd
- lists.debian.org/debian-lts-announce/2023/08/msg00010.htmlnvd
News mentions
0No linked articles in our index yet.