Security Advisory

CVE-2025-8037

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-07-22 20:49:25

Last updated 2026-04-13 14:26:53

Assigner mozilla

State PUBLISHED

Description

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

← Browse all CVEs View on cve.org ↗