CVE-2024-1551
Published Feb 20, 2024
Last updated 8 months ago
Overview
- Description
- Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
- Source
- security@mozilla.org
- NVD status
- Awaiting Analysis
Social media
- Hype score
- Not currently trending