CVE-2022-40958
Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Al inyectar una cookie con ciertos caracteres especiales, un atacante en un subdominio compartido que no es un contexto seguro podría establecer y, por lo tanto, sobrescribir cookies desde un contexto seguro, lo que provocaría la fijación de sesiones y otros ataques. Esta vulnerabilidad afecta a Firefox ESR < 102.3, Thunderbird < 102.3 y Firefox < 105.
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that by injecting a cookie with certain special characters, an attacker on a shared subdomain, which is not a secure context, could set and overwrite cookies from a secure context, leading to session fixation and other attacks.
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass Content Security Policy or other security restrictions, or execute arbitrary code. These issues only affect Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-09-19 CVE Reserved
- 2022-09-27 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mozilla.org/security/advisories/mfsa2022-40 | 2023-01-04 | |
| https://www.mozilla.org/security/advisories/mfsa2022-41 | 2023-01-04 | |
| https://www.mozilla.org/security/advisories/mfsa2022-42 | 2023-01-04 | |
| https://access.redhat.com/security/cve/CVE-2022-40958 | 2022-09-26 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2128794 | 2022-09-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 105.0 Search vendor "Mozilla" for product "Firefox" and version " < 105.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | < 102.3 Search vendor "Mozilla" for product "Firefox Esr" and version " < 102.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 102.3 Search vendor "Mozilla" for product "Thunderbird" and version " < 102.3" | - |
Affected
| ||||||