CVE-2013-6167

Firefox < 27.0 - Cross-Site Request Forgery via Malformed Cookie Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6167. PoCs published by anonymous.

AI-analyzed exploit summary The exploit describes a denial-of-service vulnerability in Mozilla Firefox due to improper input validation, allowing injection of special characters into local cookie storage. This causes targeted websites to respond with errors, leading to a DoS condition.

Description

Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.

Exploits (1)

exploitdb WRITEUP VERIFIED
by anonymous · textdosmultiple
https://www.exploit-db.com/exploits/38798

The exploit describes a denial-of-service vulnerability in Mozilla Firefox due to improper input validation, allowing injection of special characters into local cookie storage. This causes targeted websites to respond with errors, leading to a DoS condition.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Theoretical
Target: Mozilla Firefox 19
No auth needed
Prerequisites: A vulnerable version of Mozilla Firefox · A website hosted on specific web server software (e.g., lighttpd)
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q4/121
Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=858215
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q4/117
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/04/03/10
Issue Tracking x_refsource_misc
http://redmine.lighttpd.net/issues/2188

Scores

EPSS 0.0164
EPSS Percentile 73.5%

Details

CWE
CWE-352
Status published
Products (1)
mozilla/firefox < 27.0
Published Feb 15, 2014
Tracked Since Feb 18, 2026