Insecure Cookie Creation in Firefox and Focus for Android by Mozilla
CVE-2023-29547
6.5MEDIUM
Key Information:
- Vendor
Mozilla
- Vendor
- CVE Published:
- 2 June 2023
What is CVE-2023-29547?
A vulnerability in Firefox and Focus for Android allows for the creation of an insecure cookie when a secure cookie already exists for the same domain. This mishandling should have triggered a failure but instead results in potential desynchronization of cookie values. Affected versions include Firefox and Focus for Android prior to version 112.
Affected Version(s)
Firefox < 112
Firefox for Android < 112
Focus for Android < 112