QwikSec

Security Database

CVE

CWE

Training

CVE-2024-1551

Published: Feb 20, 2024

Modified: Feb 13, 2025

PUBLISHED

Description

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

Vendor	Product	Versions
Mozilla	Firefox	affected `unspecified - < 123`
Mozilla	Firefox ESR	affected `unspecified - < 115.8`
Mozilla	Thunderbird	affected `unspecified - < 115.8`

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1864385

https://www.mozilla.org/security/advisories/mfsa2024-05/

https://www.mozilla.org/security/advisories/mfsa2024-06/

https://www.mozilla.org/security/advisories/mfsa2024-07/

https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html

https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.