Vulnerability in Mozilla
CVE-2002-2013
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
EPSS: 0.016 (73.1th percentile) — read the EPSS interpretation.
Affected products
- Mozilla — versions 0.9.2, 0.9.2.1, 0.9.3
- Netscape Communicator — versions 4.0, 4.4, 4.5
- Netscape Navigator — versions 4.77, 6.0, 6.01
- N/a — versions n/a
References
- cve@mitre.org (Patch, vdb-entry, x_refsource_BID)
- cve@mitre.org (mailing-list, Exploit, x_refsource_BUGTRAQ)
- cve@mitre.org (Patch, vdb-entry, x_refsource_XF)
- cve@mitre.org (Exploit, x_refsource_MISC)