Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
Firefox
- < 127
Source
security@mozilla.org
Tags
CVE-2024-5699 details
Published : June 11, 2024, 1:15 p.m.
Last Modified : June 11, 2024, 1:54 p.m.
Last Modified : June 11, 2024, 1:54 p.m.
Description
In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1891349 | security@mozilla.org |
https://www.mozilla.org/security/advisories/mfsa2024-25/ | security@mozilla.org |
This website uses the NVD API, but is not approved or certified by it.