CVE-2023-4055

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 116 Firefox ESR versions prior to 102.14 Firefox ESR versions prior to 115.1 Thunderbird (affected versions not specified)

Description The issue is related to errors in state management due to an excessive number of cookies in document.cookie. This could allow a remote attacker to impact the integrity of protected information. When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with the expected cookie jar state, potentially causing requests to be sent with some cookies missing.

Recommendations For Firefox versions prior to 116, update to version 116 or later. For Firefox ESR versions prior to 102.14, update to version 102.14 or later. For Firefox ESR versions prior to 115.1, update to version 115.1 or later. As a temporary workaround for Thunderbird, consider restricting the use of the document.cookie until a patch is available.