THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-5699

Assignermozilla
Reserved2024-06-06
Published2024-06-11
Updated2024-06-14

Description

In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127.

Problem types

Cookie prefixes not treated as case-sensitive

Product status

Any version before 127
affected

Credits

Konstantin Preißer

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1891349

https://www.mozilla.org/security/advisories/mfsa2024-25/

cve.org CVE-2024-5699

nvd.nist.gov CVE-2024-5699

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-5699
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
© Copyright 2024 THREATINT. Made in Cyprus with +