Vulnerability Details CVE-2002-0815
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.6%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2002-0815
-
cpe:2.3:a:microsoft:internet_explorer:6.0.2900
-
cpe:2.3:a:mozilla:mozilla:-
-
cpe:2.3:a:mozilla:mozilla:0.8
-
cpe:2.3:a:mozilla:mozilla:0.9.2
-
cpe:2.3:a:mozilla:mozilla:0.9.2.1
-
cpe:2.3:a:mozilla:mozilla:0.9.3
-
cpe:2.3:a:mozilla:mozilla:0.9.35
-
cpe:2.3:a:mozilla:mozilla:0.9.4
-
cpe:2.3:a:mozilla:mozilla:0.9.4.1
-
cpe:2.3:a:mozilla:mozilla:0.9.48
-
cpe:2.3:a:mozilla:mozilla:0.9.5
-
cpe:2.3:a:mozilla:mozilla:0.9.6
-
cpe:2.3:a:mozilla:mozilla:0.9.7
-
cpe:2.3:a:mozilla:mozilla:0.9.8
-
cpe:2.3:a:mozilla:mozilla:0.9.9
-
cpe:2.3:a:mozilla:mozilla:1.0
-
cpe:2.3:a:mozilla:mozilla:1.0.1
-
cpe:2.3:a:mozilla:mozilla:1.0.2
-
cpe:2.3:a:mozilla:mozilla:1.1
-
cpe:2.3:a:mozilla:mozilla:1.2
-
cpe:2.3:a:mozilla:mozilla:1.2.1
-
cpe:2.3:a:mozilla:mozilla:1.3
-
cpe:2.3:a:mozilla:mozilla:1.3.1
-
cpe:2.3:a:mozilla:mozilla:1.4
-
cpe:2.3:a:mozilla:mozilla:1.4.1
-
cpe:2.3:a:mozilla:mozilla:1.4.2
-
cpe:2.3:a:mozilla:mozilla:1.4.4
-
cpe:2.3:a:mozilla:mozilla:1.5
-
cpe:2.3:a:mozilla:mozilla:1.5.1
-
cpe:2.3:a:mozilla:mozilla:1.6
-
cpe:2.3:a:mozilla:mozilla:1.7
-
cpe:2.3:a:mozilla:mozilla:1.7.1
-
cpe:2.3:a:mozilla:mozilla:1.7.10
-
cpe:2.3:a:mozilla:mozilla:1.7.11
-
cpe:2.3:a:mozilla:mozilla:1.7.12
-
cpe:2.3:a:mozilla:mozilla:1.7.2
-
cpe:2.3:a:mozilla:mozilla:1.7.3
-
cpe:2.3:a:mozilla:mozilla:1.7.4
-
cpe:2.3:a:mozilla:mozilla:1.7.5
-
cpe:2.3:a:mozilla:mozilla:1.7.6
-
cpe:2.3:a:mozilla:mozilla:1.7.7
-
cpe:2.3:a:mozilla:mozilla:1.7.8
-
cpe:2.3:a:mozilla:mozilla:1.7.9
-
cpe:2.3:a:mozilla:mozilla:1.8
-
cpe:2.3:a:mozilla:mozilla:5.0
-
cpe:2.3:a:netscape:navigator:-
-
cpe:2.3:a:netscape:navigator:2.02
-
cpe:2.3:a:netscape:navigator:4.0
-
cpe:2.3:a:netscape:navigator:4.01
-
cpe:2.3:a:netscape:navigator:4.02
-
cpe:2.3:a:netscape:navigator:4.03
-
cpe:2.3:a:netscape:navigator:4.04
-
cpe:2.3:a:netscape:navigator:4.05
-
cpe:2.3:a:netscape:navigator:4.06
-
cpe:2.3:a:netscape:navigator:4.07
-
cpe:2.3:a:netscape:navigator:4.08
-
cpe:2.3:a:netscape:navigator:4.5
-
cpe:2.3:a:netscape:navigator:4.61
-
cpe:2.3:a:netscape:navigator:4.7
-
cpe:2.3:a:netscape:navigator:4.75
-
cpe:2.3:a:netscape:navigator:4.77
-
cpe:2.3:a:netscape:navigator:6.0
-
cpe:2.3:a:netscape:navigator:6.01
-
cpe:2.3:a:netscape:navigator:6.1
-
cpe:2.3:a:netscape:navigator:6.2
-
cpe:2.3:a:netscape:navigator:6.2.1
-
cpe:2.3:a:netscape:navigator:6.2.2
-
cpe:2.3:a:netscape:navigator:6.2.3
-
cpe:2.3:a:netscape:navigator:7.0
-
cpe:2.3:a:netscape:navigator:7.0.2
-
cpe:2.3:a:netscape:navigator:7.02
-
cpe:2.3:a:netscape:navigator:7.1
-
cpe:2.3:a:netscape:navigator:7.2
-
cpe:2.3:a:netscape:navigator:8.0.3.3
-
cpe:2.3:a:netscape:navigator:8.0.3.4
-
cpe:2.3:a:netscape:navigator:8.0.40
-
cpe:2.3:a:netscape:navigator:8.1
-
cpe:2.3:a:netscape:navigator:8.1.2
-
cpe:2.3:a:netscape:navigator:8.1.3
-
cpe:2.3:a:netscape:navigator:9.0
-
cpe:2.3:a:netscape:navigator:_navigator