Vulnerability Description
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allow remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Mozilla | 0.9.2 |
| Netscape | Communicator | 4.0 |
| Netscape | Navigator | 4.77 |
References
- http://alive.znep.com/~marcs/security/mozillacookie/demo.html (Exploit)
- http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html (Exploit)
- http://www.iss.net/security_center/static/7973.php (Patch)
- http://www.securityfocus.com/bid/3925 (Patch)
FAQ
What is CVE-2002-2013?
CVE-2002-2013 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allow remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
How severe is CVE-2002-2013?
CVE-2002-2013 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-2013?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Mozilla, Netscape Communicator, Netscape Navigator.