Unrated severityNVD Advisory· Published Feb 15, 2014· Updated Jun 17, 2026
CVE-2013-6167
CVE-2013-6167
Description
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=27.0
- (no CPE)range: <=27
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.