Vulnerability Name:

CVE-2002-2359 (CCN-9757)

Assigned:2002-08-06
Published:2002-08-06
Updated:2008-09-05
Summary:Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: VulnWatch Mailing List, Tue Aug 06 2002 - 02:15:52 CDT
Mozilla FTP View Cross-Site Scripting Vulnerability

Source: VULNWATCH
Type: UNKNOWN
20020806 Mozilla FTP View Cross-Site Scripting Vulnerability

Source: CCN
Type: VulnWatch Mailing List, Tue Aug 06 2002 - 02:15:59 CDT
Opera FTP View Cross-Site Scripting Vulnerability

Source: CCN
Type: Bugzilla Bug 154030
HTML directory indexer doesn't html-escape url

Source: MISC
Type: UNKNOWN
http://bugzilla.mozilla.org/show_bug.cgi?id=154030

Source: MITRE
Type: CNA
CVE-2002-2358

Source: MITRE
Type: CNA
CVE-2002-2359

Source: XF
Type: UNKNOWN
multiple-ftp-view-xss(9757)

Source: CCN
Type: Mozilla Web site
mozilla.org

Source: CCN
Type: OSVDB ID: 59529
Opera FTP View URL Title Tag XSS

Source: CCN
Type: OSVDB ID: 59530
Mozilla FTP View URL Title Tag XSS

Source: CCN
Type: BID-5401
Opera FTP View Cross-Site Scripting Vulnerability

Source: BID
Type: Exploit, Patch
5403

Source: CCN
Type: BID-5403
Mozilla FTP View Cross-Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
multiple-ftp-view-xss(9757)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:mozilla:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:mozilla:mozilla:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.03:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.04:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    mozilla mozilla 1.0
    mozilla mozilla 1.0 rc1
    mozilla mozilla 1.0 rc2
    mozilla mozilla 1.1 alpha
    mozilla mozilla 1.0
    opera opera browser 6.03
    opera opera browser 6.04
    microsoft windows 2000 * sp2