CVE-2013-6167
The MITRE CVE dictionary describes this issue as:
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
Find out more about CVE-2013-6167 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue affects the version of firefox as shipped with Red Hat Enterprise Linux 5 and 6. Upstream does not include moderate impact fixes in the Extended Support Releases. This issue will be addressed in the next ESR rebase.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 4.3 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | firefox | Will not fix |
| Red Hat Enterprise Linux 6 | firefox | Fix deferred |
| Red Hat Enterprise Linux 5 | firefox | Fix deferred |
CVE description copyright © 2017, The MITRE Corporation