Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-2013

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-2013
Last Modified 05 Sep 2008 04:32:06
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-2013

Summary

Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

Vulnerable Systems

Application

  • Mozilla 0.9.2

  • Mozilla 0.9.2.1

  • Mozilla 0.9.3

  • Mozilla 0.9.4

  • Mozilla 0.9.4.1

  • Mozilla 0.9.5

  • Mozilla 0.9.6

  • Netscape Communicator 4.0

  • Netscape Communicator 4.06

  • Netscape Communicator 4.07

  • Netscape Communicator 4.08

  • Netscape Communicator 4.4

  • Netscape Communicator 4.5

  • Netscape Communicator 4.5 Beta

  • Netscape Communicator 4.51

  • Netscape Communicator 4.6

  • Netscape Communicator 4.61

  • Netscape Communicator 4.7

  • Netscape Communicator 4.72

  • Netscape Communicator 4.73

  • Netscape Communicator 4.74

  • Netscape Communicator 4.75

  • Netscape Communicator 4.76

  • Netscape Communicator 4.77

  • Netscape Communicator 4.78

  • Netscape Navigator 4.77

  • Netscape Navigator 6.0

  • Netscape Navigator 6.01

  • Netscape Navigator 6.1

  • Netscape Navigator 6.2


References

BID - 3925

XF - mozilla-netscape-steal-cookies(7973)

BUGTRAQ - 20020121 Mozilla Cookie Exploit

MISC - http://alive.znep.com/~marcs/security/mozillacookie/demo.html


Last Updated: 27 May 2016 10:37:34