{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-40958", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "dateUpdated": "2024-08-03T12:28:42.952Z", "dateReserved": "2022-09-19T00:00:00", "datePublished": "2022-12-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2022-12-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105."}], "affected": [{"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"version": "unspecified", "lessThan": "102.3", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"version": "unspecified", "lessThan": "102.3", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox", "versions": [{"version": "unspecified", "lessThan": "105", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2022-40/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-41/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-42/"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1779993"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Bypassing Secure Context restriction for cookies with __Host and __Secure prefix"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:28:42.952Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2022-40/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-41/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-42/", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1779993", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "B117A240-56A6-4045-93C4-09722ED3A3B8", "versionEndExcluding": "105.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7DB7A5C-E118-4ABD-AE52-33AAA899B36D", "versionEndExcluding": "102.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9DE429C-DF44-4398-8358-16F6126599E0", "versionEndExcluding": "102.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105."}, {"lang": "es", "value": "Al inyectar una cookie con ciertos caracteres especiales, un atacante en un subdominio compartido que no es un contexto seguro podr\u00eda establecer y, por lo tanto, sobrescribir cookies desde un contexto seguro, lo que provocar\u00eda la fijaci\u00f3n de sesiones y otros ataques. Esta vulnerabilidad afecta a Firefox ESR &lt; 102.3, Thunderbird &lt; 102.3 y Firefox &lt; 105."}], "id": "CVE-2022-40958", "lastModified": "2023-01-04T03:50:20.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-22T20:15:39.080", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1779993"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-40/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-41/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-42/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Axel Chong (@Haxatron) as the original reporter.", "affected_release": [{"advisory": "RHSA-2022:6710", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:102.3.0-3.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-09-26T00:00:00Z"}, {"advisory": "RHSA-2022:6711", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:102.3.0-6.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-09-26T00:00:00Z"}, {"advisory": "RHSA-2022:6702", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:102.3.0-6.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-09-26T00:00:00Z"}, {"advisory": "RHSA-2022:6708", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:102.3.0-3.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-09-26T00:00:00Z"}, {"advisory": "RHSA-2022:6703", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "firefox-0:102.3.0-6.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-09-26T00:00:00Z"}, {"advisory": "RHSA-2022:6716", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "thunderbird-0:102.3.0-3.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-09-26T00:00:00Z"}, {"advisory": "RHSA-2022:6707", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "firefox-0:102.3.0-6.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-09-26T00:00:00Z"}, {"advisory": "RHSA-2022:6715", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "thunderbird-0:102.3.0-3.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-09-26T00:00:00Z"}, {"advisory": "RHSA-2022:6701", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "firefox-0:102.3.0-6.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-09-26T00:00:00Z"}, {"advisory": "RHSA-2022:6713", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "thunderbird-0:102.3.0-3.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-09-26T00:00:00Z"}, {"advisory": "RHSA-2022:6700", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:102.3.0-6.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-09-26T00:00:00Z"}, {"advisory": "RHSA-2022:6717", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:102.3.0-3.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-09-26T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix", "id": "2128794", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128794"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-784", "details": ["By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.", "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that by injecting a cookie with certain special characters, an attacker on a shared subdomain, which is not a secure context, could set and overwrite cookies from a secure context, leading to session fixation and other attacks."], "name": "CVE-2022-40958", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2022-09-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-40958\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40958\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40958"], "threat_severity": "Moderate", "upstream_fix": "thunderbird 102.3, firefox 102.3"}