← back
CVE-2013-6167

CVE-2013-6167

EPSS 1.6%
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/38798unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://redmine.lighttpd.net/issues/2188https://bugzilla.mozilla.org/show_bug.cgi?id=858215http://seclists.org/oss-sec/2013/q4/117http://seclists.org/oss-sec/2013/q4/121http://www.openwall.com/lists/oss-security/2013/04/03/10