mirror of
https://github.com/0xMarcio/cve.git
synced 2026-06-02 12:01:39 +02:00
marc
1.2 KiB
1.2 KiB
CVE-2024-1551
Description
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
POC
Reference
No PoCs from references.