{
  "id": "CVE-2024-1551",
  "sourceIdentifier": "security@mozilla.org",
  "published": "2024-02-20T14:15:08.790",
  "lastModified": "2024-03-04T09:15:37.913",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8."
    },
    {
      "lang": "es",
      "value": "Los encabezados de respuesta Set-Cookie se respetaban incorrectamente en las respuestas HTTP de varias partes. Si un atacante pudiera controlar el encabezado de respuesta Content-Type, as\u00ed como controlar parte del cuerpo de la respuesta, podr\u00eda inyectar encabezados de respuesta Set-Cookie que el navegador habr\u00eda respetado. Esta vulnerabilidad afecta a Firefox &lt; 123, Firefox ESR &lt; 115.8 y Thunderbird &lt; 115.8."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864385",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/",
      "source": "security@mozilla.org"
    }
  ]
}