Mozilla Firefox - Cookie Verification Denial of Service

EDB-ID:

38798


Author:

anonymous

Type:

dos


Platform:

Multiple

Date:

2013-04-04


source: https://www.securityfocus.com/bid/62969/info

Mozilla Firefox is prone to a denial-of-service vulnerability because it fails to verify the user supplied input.

Successfully exploiting this issue will allow an attacker to inject special characters into the browser's local cookie storage, resulting in the requested website always responding with an error message which is hosted on specific web server software (like lighttpd). This will cause a denial-of-service condition.

Firefox 19 is vulnerable; other versions may also be affected.

Note: This issue was previously covered in BID 58857 (Google Chrome and Mozilla Firefox Browser Cookie Verification Security Weakness), but has been moved to its own record for better documentation. 

http://www.example.com/?utm_source=test&utm_medium=test&utm_campaign=te%05st