CVE-2024-1551
EPSS
0.04 % (11th)
Advisories
34
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2024-02-20 14:15:08
(6 months ago) - Updated Date
-
2024-03-04 09:15:37
(6 months ago)
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...