CVE-2013-6167
Published: Feb 15, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
[oss-security] 20131017 Re: browser document.cookie DoS vulnerability
mailing-list
x_refsource_MLIST
https://bugzilla.mozilla.org/show_bug.cgi?id=858215
x_refsource_CONFIRM
[oss-security] 20131016 Re: browser document.cookie DoS vulnerability
mailing-list
x_refsource_MLIST
[oss-security] 20130403 browser document.cookie DoS vulnerability
mailing-list
x_refsource_MLIST
http://redmine.lighttpd.net/issues/2188
x_refsource_MISC