Mozilla Firefox 105.0, Mozilla Firefox ESR 102.3 or Mozilla Thunderbird 102.3 : By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks.