Google · Firebase JavaScript SDK · CVE-2024-11023
**Name of the Vulnerable Software and Affected Versions**
Firebase JavaScript SDK versions prior to 10.9.0
**Description**
The Firebase JavaScript SDK uses a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If an attacker is able to preset this cookie field by any other method, they can point "_authTokenSyncURL" at their own server and capture user session data transmitted by the SDK.
**Recommendations**
Upgrade Firebase JS SDK to at least version 10.9.0 to resolve the issue. As a temporary workaround, consider restricting access to the "_authTokenSyncURL" field to minimize the risk of exploitation.
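
One way to monitor for the condition described above while the upgrade is rolled out: a server-side audit of the incoming `Cookie` header that flags a FIREBASE_DEFAULTS cookie whose "_authTokenSyncURL" resolves outside the application's own origin. This is an added example, not code from the SDK or from this advisory. It assumes the cookie value is base64-encoded JSON and matches the cookie name with or without surrounding underscores; `auditFirebaseDefaults`, the sample cookies and the example hosts are constructed for illustration.

```javascript
// Added example (not SDK code). Assumption: cookie value is base64-encoded JSON.
// The name match tolerates surrounding underscores around FIREBASE_DEFAULTS.
const COOKIE_RE = /(?:^|;\s*)_*FIREBASE_DEFAULTS_*=([^;]*)/;

function auditFirebaseDefaults(cookieHeader, appOrigin, allowedOrigins = []) {
  const match = COOKIE_RE.exec(cookieHeader || "");
  if (!match) return { verdict: "absent" };

  let defaults;
  try {
    const raw = decodeURIComponent(match[1]);
    defaults = JSON.parse(Buffer.from(raw, "base64").toString("utf8"));
  } catch (err) {
    return { verdict: "malformed" };
  }
  if (defaults === null || typeof defaults !== "object") {
    return { verdict: "malformed" };
  }

  const syncUrl = defaults._authTokenSyncURL;
  if (syncUrl === undefined) return { verdict: "no-sync-url" };
  if (typeof syncUrl !== "string") {
    return { verdict: "suspicious", reason: "non-string sync URL" };
  }

  let target;
  try {
    // Relative values resolve against the application's origin.
    target = new URL(syncUrl, appOrigin);
  } catch (err) {
    return { verdict: "suspicious", reason: "unparseable sync URL" };
  }
  const trusted = new Set([new URL(appOrigin).origin, ...allowedOrigins]);
  return trusted.has(target.origin)
    ? { verdict: "ok", origin: target.origin }
    : { verdict: "suspicious", reason: "cross-origin sync URL", origin: target.origin };
}

// Constructed sample Cookie headers (not captured traffic).
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64");
const SAMPLE_OK = `sid=abc; __FIREBASE_DEFAULTS__=${encode({ _authTokenSyncURL: "/__session" })}`;
const SAMPLE_BAD = `__FIREBASE_DEFAULTS__=${encode({ _authTokenSyncURL: "https://collector.example.net/sync" })}; theme=dark`;

console.log(auditFirebaseDefaults(SAMPLE_OK, "https://app.example.com"));
console.log(auditFirebaseDefaults(SAMPLE_BAD, "https://app.example.com"));
```

A "suspicious" or "malformed" verdict is a signal to log the request and clear the cookie in the response; it does not replace upgrading to 10.9.0.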