CVE-2002-2314

medium

Description

Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.

References

http://www.securityfocus.com/bid/5293

http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074

http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html

Details

Source: Mitre, NVD

Published: 2002-12-31

Updated: 2008-09-05

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

Detections

Analytics