Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2013-6167
Last Modified 18 Feb 2014 01:21:39
Published 15 Feb 2014 09:57:08
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-6167

Summary

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.

Vulnerable Systems

Application

  • Mozilla Firefox 27.0


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=858215

MLIST - [oss-security] 20130403 browser document.cookie DoS vulnerability

MLIST - [oss-security] 20131017 Re: browser document.cookie DoS vulnerability

MLIST - [oss-security] 20131016 Re: browser document.cookie DoS vulnerability

MISC - http://redmine.lighttpd.net/issues/2188


Last Updated: 27 May 2016 11:04:28