Bug 2228367 (CVE-2023-4055) - CVE-2023-4055 Mozilla: Cookie jar overflow caused unexpected cookie jar state
Summary: CVE-2023-4055 Mozilla: Cookie jar overflow caused unexpected cookie jar state
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-4055
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2225291 2225292 2225293 2225294 2225295 2225296 2225297 2225298 2225299 2225300 2225303 2225304 2225305 2225306 2225307 2225308 2225309 2225310 2225311 2225312 2226760 2226761
Blocks: 2225289
TreeView+ depends on / blocked
 
Reported: 2023-08-02 07:47 UTC by Dhananjay Arunesh
Modified: 2023-08-10 07:49 UTC (History)
8 users (show)

Fixed In Version: firefox 102.14, firefox 115.1, thunderbird 102.14, thunderbird 115.1
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing.
Clone Of:
Environment:
Last Closed: 2023-08-07 13:38:31 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:4460 0 None None None 2023-08-03 12:36:11 UTC
Red Hat Product Errata RHSA-2023:4461 0 None None None 2023-08-03 12:56:27 UTC
Red Hat Product Errata RHSA-2023:4462 0 None None None 2023-08-03 12:56:47 UTC
Red Hat Product Errata RHSA-2023:4463 0 None None None 2023-08-03 12:58:16 UTC
Red Hat Product Errata RHSA-2023:4464 0 None None None 2023-08-03 12:58:00 UTC
Red Hat Product Errata RHSA-2023:4465 0 None None None 2023-08-03 12:59:03 UTC
Red Hat Product Errata RHSA-2023:4468 0 None None None 2023-08-03 13:51:24 UTC
Red Hat Product Errata RHSA-2023:4469 0 None None None 2023-08-03 13:45:06 UTC
Red Hat Product Errata RHSA-2023:4492 0 None None None 2023-08-07 08:10:30 UTC
Red Hat Product Errata RHSA-2023:4493 0 None None None 2023-08-07 08:25:07 UTC
Red Hat Product Errata RHSA-2023:4494 0 None None None 2023-08-07 08:23:29 UTC
Red Hat Product Errata RHSA-2023:4495 0 None None None 2023-08-07 08:37:31 UTC
Red Hat Product Errata RHSA-2023:4496 0 None None None 2023-08-07 08:37:59 UTC
Red Hat Product Errata RHSA-2023:4497 0 None None None 2023-08-07 08:40:10 UTC
Red Hat Product Errata RHSA-2023:4499 0 None None None 2023-08-07 08:39:40 UTC
Red Hat Product Errata RHSA-2023:4500 0 None None None 2023-08-07 08:45:19 UTC

Description Dhananjay Arunesh 2023-08-02 07:47:30 UTC 
When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4055
Comment 1 errata-xmlrpc 2023-08-03 12:36:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:4460 https://access.redhat.com/errata/RHSA-2023:4460
Comment 2 errata-xmlrpc 2023-08-03 12:56:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:4461 https://access.redhat.com/errata/RHSA-2023:4461
Comment 3 errata-xmlrpc 2023-08-03 12:56:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4462 https://access.redhat.com/errata/RHSA-2023:4462
Comment 4 errata-xmlrpc 2023-08-03 12:57:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:4464 https://access.redhat.com/errata/RHSA-2023:4464
Comment 5 errata-xmlrpc 2023-08-03 12:58:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4463 https://access.redhat.com/errata/RHSA-2023:4463
Comment 6 errata-xmlrpc 2023-08-03 12:59:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4465 https://access.redhat.com/errata/RHSA-2023:4465
Comment 7 errata-xmlrpc 2023-08-03 13:45:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4469 https://access.redhat.com/errata/RHSA-2023:4469
Comment 8 errata-xmlrpc 2023-08-03 13:51:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4468 https://access.redhat.com/errata/RHSA-2023:4468
Comment 9 errata-xmlrpc 2023-08-07 08:10:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:4492 https://access.redhat.com/errata/RHSA-2023:4492
Comment 10 errata-xmlrpc 2023-08-07 08:23:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4494 https://access.redhat.com/errata/RHSA-2023:4494
Comment 11 errata-xmlrpc 2023-08-07 08:25:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4493 https://access.redhat.com/errata/RHSA-2023:4493
Comment 12 errata-xmlrpc 2023-08-07 08:37:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:4495 https://access.redhat.com/errata/RHSA-2023:4495
Comment 13 errata-xmlrpc 2023-08-07 08:37:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:4496 https://access.redhat.com/errata/RHSA-2023:4496
Comment 14 errata-xmlrpc 2023-08-07 08:39:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:4499 https://access.redhat.com/errata/RHSA-2023:4499
Comment 15 errata-xmlrpc 2023-08-07 08:40:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4497 https://access.redhat.com/errata/RHSA-2023:4497
Comment 16 errata-xmlrpc 2023-08-07 08:45:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4500 https://access.redhat.com/errata/RHSA-2023:4500
Comment 17 Product Security DevOps Team 2023-08-07 13:38:29 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-4055
Note You need to log in before you can comment on or make changes to this bug.