vulnerability
Rocky Linux: CVE-2023-4055: thunderbird (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Aug 1, 2023 | Mar 5, 2024 | Mar 31, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
Aug 1, 2023
Added
Mar 5, 2024
Modified
Mar 31, 2026
Description
When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Solutions
rocky-upgrade-firefoxrocky-upgrade-firefox-debuginforocky-upgrade-firefox-debugsourcerocky-upgrade-firefox-x11rocky-upgrade-thunderbirdrocky-upgrade-thunderbird-debuginforocky-upgrade-thunderbird-debugsource
References
- CVE-2023-4055
- https://attackerkb.com/topics/CVE-2023-4055
- CWE-120
- EUVD-EUVD-2023-53946
- https://errata.rockylinux.org/RLSA-2023:4462
- https://errata.rockylinux.org/RLSA-2023:4468
- https://errata.rockylinux.org/RLSA-2023:4497
- https://errata.rockylinux.org/RLSA-2023:4499
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-53946
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.