Insecure Cookie Creation Vulnerability in Firefox and Focus for Android

Insecure Cookie Creation Vulnerability in Firefox and Focus for Android

CVE-2023-29547 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

Learn more about our Cis Benchmark Audit For Google Android.