Mozilla Firefox and Thunderbird Nameless Cookie Vulnerability

Vulnerability

A vulnerability exists in Mozilla Firefox versions prior to 141, Firefox ESR versions prior to 140.1, Thunderbird versions prior to 141, and Thunderbird ESR versions prior to 140.1. The issue arises because a nameless cookie can be set with an equals sign in its value, and such a cookie can shadow other cookies. Notably, cookies that carry the 'Secure' attribute can be shadowed as well. The vulnerability allows for the unintentional overwriting of cookies, potentially disrupting normal cookie-based functionalities.

Impact

Exploitation of this vulnerability leads to the unintentional overwriting of cookies, including those marked as 'Secure', which could disrupt normal cookie-based functionalities and potentially lead to unauthorized access or manipulation of session data.

Remediation

Users can upgrade to Firefox 141, Firefox ESR 140.1, Thunderbird 141, or Thunderbird ESR 140.1 to address this vulnerability.
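
The following added example (not code from Mozilla or from this advisory) models why a nameless cookie whose value contains an equals sign is ambiguous to a server, and shows two checks a server or proxy can run while clients are still being upgraded: one on Set-Cookie lines, one on incoming Cookie headers. The serialization model follows the RFC 6265bis draft; the cookie name sid, the sample values and all function names are assumptions made for illustration.

```javascript
// Added example. Simplified model, not Firefox code. Assumption (RFC 6265bis
// draft): a cookie with an empty name is sent as its bare value.
function serializeCookieHeader(jar) {
  return jar
    .map((c) => (c.name === "" ? c.value : `${c.name}=${c.value}`))
    .join("; ");
}

// Split a Cookie request header at the first "=" of each pair, as server
// frameworks typically do. The nameless origin of a pair is lost here.
function parseCookieHeader(header) {
  return header.split(";").map((p) => p.trim()).filter(Boolean).map((p) => {
    const i = p.indexOf("=");
    return i === -1 ? ["", p] : [p.slice(0, i), p.slice(i + 1)];
  });
}

// Response-side check: true when a Set-Cookie line has an empty name and a
// value containing "=", the condition this advisory describes.
function isNamelessWithEquals(setCookie) {
  const pair = setCookie.split(";")[0];
  const i = pair.indexOf("=");
  const name = i === -1 ? "" : pair.slice(0, i).trim();
  const value = i === -1 ? pair.trim() : pair.slice(i + 1).trim();
  return name === "" && value.includes("=");
}

// Request-side check: names from `sensitive` that arrive with more than one
// distinct value, so the server cannot tell which one is authentic.
function ambiguousCookies(header, sensitive) {
  const seen = new Map();
  for (const [name, value] of parseCookieHeader(header)) {
    if (!seen.has(name)) seen.set(name, new Set());
    seen.get(name).add(value);
  }
  return sensitive.filter((n) => seen.has(n) && seen.get(n).size > 1);
}

// Constructed sample jar: a Secure cookie "sid" plus a nameless cookie.
const SAMPLE_JAR = [
  { name: "sid", value: "legit", secure: true },
  { name: "", value: "sid=other", secure: false },
];
const header = serializeCookieHeader(SAMPLE_JAR);
console.log(header, ambiguousCookies(header, ["sid"]));
```

A request flagged by ambiguousCookies is best rejected or treated as unauthenticated rather than resolved by picking the first or last value.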

Added: Jul 22, 2025, 9:27 PM
Updated: Jul 22, 2025, 9:27 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.0
exploitability: 4.7
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.