Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-02-15T11:00:00
Updated: 2014-02-15T06:57:00
Reserved: 2013-10-16T00:00:00
Link: CVE-2013-6167
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-02-15T14:57:08.080
Modified: 2014-02-18T18:21:39.413
Link: CVE-2013-6167
JSON object: View
Redhat Information
No data.
CWE