ID CVE-2002-1126
Summary Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
References
Vulnerable Configurations
  • cpe:2.3:a:galeon:galeon_browser:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:galeon:galeon_browser:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:galeon:galeon_browser:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:galeon:galeon_browser:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:galeon:galeon_browser:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:galeon:galeon_browser:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 18-10-2016 - 02:23)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:N/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2002:192
  • rhsa
    id RHSA-2003:046
refmap via4
bid 5694
bugtraq 20020911 Privacy leak in mozilla
confirm http://bugzilla.mozilla.org/show_bug.cgi?id=145579
mandrake MDKSA-2002:075
xf mozilla-onunload-url-leak(10084)
Last major update 18-10-2016 - 02:23
Published 24-09-2002 - 04:00
Last modified 18-10-2016 - 02:23
Back to Top