Mozilla JavaScript URL Host Spoofing Arbitrary Cookie Disclosure (deprecated)

medium Nessus Network Monitor Plugin ID 1314

Synopsis

The remote client allows malicious websites to steal 'cookie' data.

Description

The remote host is running a version of the Mozilla browser that may allow script code to access cookie data associated with arbitrary domains. It has been reported that it is possible to create a JavaScript URL which appears to start with a valid domain. Malicious script code may specify an arbitrary domain and will then be able to access cookie data associated with that domain.

Solution

Upgrade to Mozilla 1.1 Beta or higher.

Plugin Details

Severity: Medium

ID: 1314

Family: SMTP Clients

Published: 8/20/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:mozilla

Reference Information

CVE: CVE-2002-2314

BID: 5293