CVE-2013-6167
published 2014-02-15
CVE-2013-6167: Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote…
Priority P4 · 33 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.64% (73.3th percentile)
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | <= 27.0 | — |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat · 6.8 · MEDIUM
Red Hat
Mozilla: browser document.cookie DoS vulnerability
vendor_redhat·2013-04-03·CVSS 6.8
CVE-2013-6167 [MEDIUM] Mozilla: browser document.cookie DoS vulnerability
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
Package: firefox (Red Hat Enterprise Linux 5) - Will not fix
Package: firefox (Red Hat Enterprise Linux 6) - Will not fix
Package: firefox (Red Hat Enterprise Linux 7) - Affected
GHSA
GHSA-47hp-rr8h-63v7: Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows rem
ghsa_unreviewed·2022-05-17
CVE-2013-6167 [MEDIUM] CWE-352 GHSA-47hp-rr8h-63v7: Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows rem
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
No detection rules found.
http://redmine.lighttpd.net/issues/2188
http://seclists.org/oss-sec/2013/q4/117
http://seclists.org/oss-sec/2013/q4/121
http://www.openwall.com/lists/oss-security/2013/04/03/10
https://bugzilla.mozilla.org/show_bug.cgi?id=858215
Published: 2014-02-15