FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mozilla -- cookie shadowing

Affected packages
firefox < 141.0,2
firefox-esr < 140.1
thunderbird < 141.0
thunderbird-esr < 140.1

Details

VuXML ID 5abc2187-685e-11f0-a12d-b42e991fc52e
Discovery 2025-07-22
Entry 2025-07-24

security@mozilla.org reports:

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute.

[source]

References

CVE Name CVE-2025-8037
URL https://nvd.nist.gov/vuln/detail/CVE-2025-8037

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.