Unrated severityNVD Advisory· Published Feb 15, 2014· Updated Apr 29, 2026

CVE-2013-6167

Description

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.

Affected products

Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Range: <=27.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.mozilla.org/show_bug.cginvdVendor Advisory
redmine.lighttpd.net/issues/2188nvd
seclists.org/oss-sec/2013/q4/117nvd
seclists.org/oss-sec/2013/q4/121nvd
www.openwall.com/lists/oss-security/2013/04/03/10nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000