Описание
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | ignored | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| lucid | ignored | end of life |
| precise | ignored | |
| quantal | ignored | end of life |
| raring | ignored | end of life |
| saucy | ignored | end of life |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | ignored |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| lucid | ignored | end of life |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | ignored |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | ignored | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| lucid | ignored | end of life |
| precise | ignored | |
| quantal | ignored | end of life |
| raring | ignored | end of life |
| saucy | ignored | end of life |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | ignored |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| lucid | ignored | end of life |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | ignored | end of life |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
Mozilla Firefox through 27 sends HTTP Cookie headers without first val ...
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response.
EPSS
6.8 Medium
CVSS2