1. CVE-Search
  2. CVE-2002-2013
ID CVE-2002-2013
Summary Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.4:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.5_beta:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.5_beta:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.06:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.06:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.07:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.07:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.08:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.08:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.51:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.51:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.74:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.74:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.75:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.75:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.76:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.76:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.77:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.77:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:communicator:4.78:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:communicator:4.78:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:navigator:4.77:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:navigator:4.77:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*
    cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 05-09-2008 - 20:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 3925
bugtraq 20020121 Mozilla Cookie Exploit
misc http://alive.znep.com/~marcs/security/mozillacookie/demo.html
xf mozilla-netscape-steal-cookies(7973)
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Last major update 05-09-2008 - 20:32
Published 31-12-2002 - 05:00
Last modified 05-09-2008 - 20:32
Back to Top