Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-6167Cross-Site Request Forgery in Mozilla Firefox

CWE-352Cross-Site Request Forgery5 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
0.4%
top 36.78%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Mozilla Firefox
Timeline
PublishedFeb 15
Latest updateMay 17

Description

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDmozilla/firefox27.0

🔴Vulnerability Details

1
GHSA
GHSA-47hp-rr8h-63v7: Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows rem2022-05-17

💥Exploits & PoCs

1
Exploit-DB
Mozilla Firefox - Cookie Verification Denial of Service2013-04-04

📋Vendor Advisories

1
Red Hat
Mozilla: browser document.cookie DoS vulnerability2013-04-03

💬Community

1
Bugzilla
CVE-2013-6167 Mozilla: browser document.cookie DoS vulnerability2014-02-18