| Vulnerability Name: | CVE-2002-2314 (CCN-9656) | ||||||||
| Assigned: | 2002-07-24 | ||||||||
| Published: | 2002-07-24 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-20 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Wed Jul 24 2002 - 09:45:59 CDT Mozilla cookie stealing - Sandblad advisory #9 Source: MISC Type: Exploit http://bugzilla.mozilla.org/show_bug.cgi?id=152725 Source: BUGTRAQ Type: UNKNOWN 20020918 Mozilla vulnerabilities, an update Source: MITRE Type: CNA CVE-2002-2314 Source: BUGTRAQ Type: Exploit 20020724 Mozilla cookie stealing - Sandblad advisory #9 Source: XF Type: Exploit, Patch mozilla-javascript-steal-cookies(9656) Source: MANDRAKE Type: UNKNOWN MDKSA-2002:074 Source: CCN Type: Mozilla Web site mozilla.org Source: CONFIRM Type: UNKNOWN http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html Source: CCN Type: OSVDB ID: 60255 Mozilla Crafted Javascript URI Cross-domain Cookie Disclosure Source: BID Type: UNKNOWN 5293 Source: CCN Type: BID-5293 Mozilla JavaScript URL Host Spoofing Arbitrary Cookie Access Vulnerability Source: XF Type: UNKNOWN mozilla-javascript-steal-cookies(9656) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||