Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
Metrics
Affected Vendors & Products
References
History
Tue, 19 Nov 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-565 | |
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2024-02-20T13:21:36.343Z
Updated: 2024-11-19T22:09:39.430Z
Reserved: 2024-02-15T18:01:51.754Z
Link: CVE-2024-1551
Vulnrichment
Updated: 2024-08-01T18:40:21.333Z
NVD
Status : Awaiting Analysis
Published: 2024-02-20T14:15:08.790
Modified: 2024-11-21T08:50:48.600
Link: CVE-2024-1551
Redhat