Firefox Cookie Jar Desync via Insecure Cookie Creation (CVE-2023-29547)
CVE-2023-29547 Published on June 2, 2023
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Vulnerability Analysis
CVE-2023-29547 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Products Associated with CVE-2023-29547
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-29547 are published in these products:
Affected Versions
Mozilla Firefox for Android:- Version unspecified and below 112 is affected.
- Version unspecified and below 112 is affected.
- Version unspecified and below 112 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.