THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-5699

Reserved:2024-06-06
Published:2024-06-11
Updated:2024-06-11

Description

In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127.

Problem types

Cookie prefixes not treated as case-sensitive

Product status

Any version before 127
affected

Credits

Konstantin Preißer

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1891349

https://www.mozilla.org/security/advisories/mfsa2024-25/

cve.org CVE-2024-5699

nvd.nist.gov CVE-2024-5699

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-5699