Vulnerability Details CVE-2002-2013
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://alive.znep.com/~marcs/security/mozillacookie/demo.html
- http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html
- http://www.iss.net/security_center/static/7973.php
- http://www.securityfocus.com/bid/3925
- http://alive.znep.com/~marcs/security/mozillacookie/demo.html
- http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html
- http://www.iss.net/security_center/static/7973.php
- http://www.securityfocus.com/bid/3925
Products affected by CVE-2002-2013
-
cpe:2.3:a:mozilla:mozilla:0.9.2
-
cpe:2.3:a:mozilla:mozilla:0.9.2.1
-
cpe:2.3:a:mozilla:mozilla:0.9.3
-
cpe:2.3:a:mozilla:mozilla:0.9.4
-
cpe:2.3:a:mozilla:mozilla:0.9.4.1
-
cpe:2.3:a:mozilla:mozilla:0.9.5
-
cpe:2.3:a:mozilla:mozilla:0.9.6
-
cpe:2.3:a:netscape:communicator:4.0
-
cpe:2.3:a:netscape:communicator:4.06
-
cpe:2.3:a:netscape:communicator:4.07
-
cpe:2.3:a:netscape:communicator:4.08
-
cpe:2.3:a:netscape:communicator:4.4
-
cpe:2.3:a:netscape:communicator:4.5
-
cpe:2.3:a:netscape:communicator:4.51
-
cpe:2.3:a:netscape:communicator:4.5_beta
-
cpe:2.3:a:netscape:communicator:4.6
-
cpe:2.3:a:netscape:communicator:4.61
-
cpe:2.3:a:netscape:communicator:4.7
-
cpe:2.3:a:netscape:communicator:4.72
-
cpe:2.3:a:netscape:communicator:4.73
-
cpe:2.3:a:netscape:communicator:4.74
-
cpe:2.3:a:netscape:communicator:4.75
-
cpe:2.3:a:netscape:communicator:4.76
-
cpe:2.3:a:netscape:communicator:4.77
-
cpe:2.3:a:netscape:communicator:4.78
-
cpe:2.3:a:netscape:navigator:4.77
-
cpe:2.3:a:netscape:navigator:6.0
-
cpe:2.3:a:netscape:navigator:6.01
-
cpe:2.3:a:netscape:navigator:6.1
-
cpe:2.3:a:netscape:navigator:6.2