Setting a nameless cookie with an equals sign in the...
Critical severity
Unreviewed
Published
Jul 22, 2025
to the GitHub Advisory Database
•
Updated Jul 23, 2025
Description
Published by the National Vulnerability Database
Jul 22, 2025
Published to the GitHub Advisory Database
Jul 22, 2025
Last updated
Jul 23, 2025
Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the
Secureattribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.References