Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1308

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1308
Last Modified 10 Sep 2008 03:14:16
Published 29 Nov 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1308

Summary

Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.

Vulnerable Systems

Application

  • Mozilla 0.9.6

  • Mozilla 0.9.7

  • Mozilla 0.9.8

  • Mozilla 0.9.9

  • Mozilla 1.0

  • Mozilla 1.0.1

  • Mozilla 1.1

  • Netscape Navigator 6.2

  • Netscape Navigator 6.2.1

  • Netscape Navigator 6.2.2

  • Netscape Navigator 6.2.3

  • Netscape Navigator 7.0


References

XF - mozilla-netscape-jar-bo(10636)

BUGTRAQ - 20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.

MISC - http://bugzilla.mozilla.org/show_bug.cgi?id=157646

BID - 6185

REDHAT - RHSA-2003:163

REDHAT - RHSA-2003:162


Last Updated: 27 May 2016 10:37:16