Bug 1066219 - (CVE-2013-6167) CVE-2013-6167 Mozilla: browser document.cookie DoS vulnerability
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20130403,repor...
Keywords: Security
Blocks: 1066222

Reported: 2014-02-17 23:51 EST by Murray McAllister
Modified: 2015-07-31 03:16 EDT (History)
Description Murray McAllister 2014-02-17 23:51:16 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6167 to
the following vulnerability:

Name: CVE-2013-6167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6167
Assigned: 20131016
Reference: http://www.openwall.com/lists/oss-security/2013/04/03/10
Reference: http://seclists.org/oss-sec/2013/q4/117
Reference: http://seclists.org/oss-sec/2013/q4/121
Reference: http://redmine.lighttpd.net/issues/2188
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=858215

Mozilla Firefox through 27 sends HTTP Cookie headers without first
validating that they have the required character-set restrictions,
which allows remote attackers to conduct the equivalent of a
persistent Logout CSRF attack via a crafted parameter that forces a
web application to set a malformed cookie within an HTTP response.
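As an added, defensive illustration (not code from the bug report, Mozilla, lighttpd or Red Hat), the helpers below enforce the RFC 6265 cookie-value character set on the server side: a web application that refuses or percent-encodes a request parameter before echoing it into Set-Cookie never hands the browser the malformed cookie this CVE depends on, and the last function identifies which pair of an incoming Cookie header a strict parser would reject, so an affected client can be spotted in logs. All function names are my own.

```python
import re
from urllib.parse import quote

# RFC 6265 cookie-octet: %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E, i.e. printable
# US-ASCII except whitespace, DQUOTE, comma, semicolon and backslash.
COOKIE_OCTETS = "".join(chr(c) for c in range(0x21, 0x7F) if chr(c) not in '",;\\')
_VALUE_RE = re.compile(r"^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$")
_NAME_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # RFC 2616 token


def is_valid_cookie_value(value):
    """True if value is made only of cookie-octets (an optional DQUOTE pair is allowed)."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return _VALUE_RE.match(value) is not None


def encode_cookie_value(value):
    """Percent-encode everything outside the cookie-octet set ('%' included, so
    decoding stays unambiguous); the result always passes is_valid_cookie_value."""
    return quote(value, safe=COOKIE_OCTETS.replace("%", ""))


def set_cookie_header(name, value):
    """Build a Set-Cookie header line, refusing a name or value the browser could
    later echo back as a malformed Cookie header. Callers that take the value from
    a request parameter should pass it through encode_cookie_value() first."""
    if not _NAME_RE.match(name):
        raise ValueError("invalid cookie name: %r" % name)
    if not is_valid_cookie_value(value):
        raise ValueError("invalid cookie value: %r" % value)
    return "Set-Cookie: %s=%s; Path=/; HttpOnly" % (name, value)


def malformed_cookie_pairs(cookie_header):
    """Return the name=value pairs in a request's Cookie header that a strict
    server-side parser would reject; useful for logging which cookie is to blame
    when a client suddenly starts receiving 400 responses on every request."""
    bad = []
    for pair in cookie_header.split(";"):
        pair = pair.strip()
        if not pair:
            continue  # tolerate empty segments such as a trailing ';'
        name, sep, value = pair.partition("=")
        if not sep or not _NAME_RE.match(name) or not is_valid_cookie_value(value):
            bad.append(pair)
    return bad
```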
Comment 1 Murray McAllister 2014-02-17 23:52:48 EST
This is waiting to be fixed upstream (https://bugzilla.mozilla.org/show_bug.cgi?id=858215)

Statement:

This issue affects the version of Firefox as shipped with Red Hat Enterprise Linux 5 and 6. Upstream does not include moderate impact fixes in the Extended Support Releases. This issue will be addressed in the next ESR rebase.
