Vulnerability details: VCID-4jxu-hf9d-hycf
Vulnerability ID VCID-4jxu-hf9d-hycf
Aliases CVE-2023-4055
Summary When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4055.json
epss 0.00298 https://api.first.org/data/v1/epss?cve=CVE-2023-4055
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2023-4055
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1782561
ssvc Track https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-4055
ssvc Track https://www.debian.org/security/2023/dsa-5464
ssvc Track https://www.debian.org/security/2023/dsa-5469
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-29
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-30
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-31
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-32
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-33
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-29/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-30/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-31/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4055.json
https://api.first.org/data/v1/epss?cve=CVE-2023-4055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
2228367 https://bugzilla.redhat.com/show_bug.cgi?id=2228367
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-4055 https://nvd.nist.gov/vuln/detail/CVE-2023-4055
dsa-5464 https://www.debian.org/security/2023/dsa-5464
dsa-5469 https://www.debian.org/security/2023/dsa-5469
mfsa2023-29 https://www.mozilla.org/en-US/security/advisories/mfsa2023-29
mfsa2023-29 https://www.mozilla.org/security/advisories/mfsa2023-29/
mfsa2023-30 https://www.mozilla.org/en-US/security/advisories/mfsa2023-30
mfsa2023-30 https://www.mozilla.org/security/advisories/mfsa2023-30/
mfsa2023-31 https://www.mozilla.org/en-US/security/advisories/mfsa2023-31
mfsa2023-31 https://www.mozilla.org/security/advisories/mfsa2023-31/
mfsa2023-32 https://www.mozilla.org/en-US/security/advisories/mfsa2023-32
mfsa2023-33 https://www.mozilla.org/en-US/security/advisories/mfsa2023-33
msg00008.html https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
msg00010.html https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
RHSA-2023:4460 https://access.redhat.com/errata/RHSA-2023:4460
RHSA-2023:4461 https://access.redhat.com/errata/RHSA-2023:4461
RHSA-2023:4462 https://access.redhat.com/errata/RHSA-2023:4462
RHSA-2023:4463 https://access.redhat.com/errata/RHSA-2023:4463
RHSA-2023:4464 https://access.redhat.com/errata/RHSA-2023:4464
RHSA-2023:4465 https://access.redhat.com/errata/RHSA-2023:4465
RHSA-2023:4468 https://access.redhat.com/errata/RHSA-2023:4468
RHSA-2023:4469 https://access.redhat.com/errata/RHSA-2023:4469
RHSA-2023:4492 https://access.redhat.com/errata/RHSA-2023:4492
RHSA-2023:4493 https://access.redhat.com/errata/RHSA-2023:4493
RHSA-2023:4494 https://access.redhat.com/errata/RHSA-2023:4494
RHSA-2023:4495 https://access.redhat.com/errata/RHSA-2023:4495
RHSA-2023:4496 https://access.redhat.com/errata/RHSA-2023:4496
RHSA-2023:4497 https://access.redhat.com/errata/RHSA-2023:4497
RHSA-2023:4499 https://access.redhat.com/errata/RHSA-2023:4499
RHSA-2023:4500 https://access.redhat.com/errata/RHSA-2023:4500
show_bug.cgi?id=1782561 https://bugzilla.mozilla.org/show_bug.cgi?id=1782561
USN-6267-1 https://usn.ubuntu.com/6267-1/
USN-6333-1 https://usn.ubuntu.com/6333-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4055.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): high; Availability Impact (A): none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1782561

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4055
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): high; Availability Impact (A): none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/ Found at https://www.debian.org/security/2023/dsa-5464

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/ Found at https://www.debian.org/security/2023/dsa-5469

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-29/

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-30/

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-31/
Exploit Prediction Scoring System (EPSS)
Percentile 0.52778
EPSS Score 0.00298
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:31.490262+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2023/mfsa2023-33.yml 37.0.0