Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-2314

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-2314
Last Modified 05 Sep 2008 04:32:54
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-2314

Summary

Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.

Vulnerable Systems

Application

  • Mozilla 1.0


References

XF - mozilla-javascript-steal-cookies(9656)

BID - 5293

CONFIRM - http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html

BUGTRAQ - 20020724 Mozilla cookie stealing - Sandblad advisory #9

BUGTRAQ - 20020918 Mozilla vulnerabilities, an update

MISC - http://bugzilla.mozilla.org/show_bug.cgi?id=152725


Last Updated: 27 May 2016 10:37:42