CVE-2002-2013
Summary
| CVE | CVE-2002-2013 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2002-12-31 05:00:00 UTC |
| Updated | 2008-09-05 20:32:00 UTC |
| Description | Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Mozilla | 0.9.2 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.2.1 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.3 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.4 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.4.1 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.5 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.6 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.2 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.2.1 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.3 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.4 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.4.1 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.5 | All | All | All |
| Application | Mozilla | Mozilla | 0.9.6 | All | All | All |
| Application | Netscape | Communicator | 4.0 | All | All | All |
| Application | Netscape | Communicator | 4.06 | All | All | All |
| Application | Netscape | Communicator | 4.07 | All | All | All |
| Application | Netscape | Communicator | 4.08 | All | All | All |
| Application | Netscape | Communicator | 4.4 | All | All | All |
| Application | Netscape | Communicator | 4.5 | All | All | All |
| Application | Netscape | Communicator | 4.51 | All | All | All |
| Application | Netscape | Communicator | 4.5_beta | All | All | All |
| Application | Netscape | Communicator | 4.6 | All | All | All |
| Application | Netscape | Communicator | 4.61 | All | All | All |
| Application | Netscape | Communicator | 4.7 | All | All | All |
| Application | Netscape | Communicator | 4.72 | All | All | All |
| Application | Netscape | Communicator | 4.73 | All | All | All |
| Application | Netscape | Communicator | 4.74 | All | All | All |
| Application | Netscape | Communicator | 4.75 | All | All | All |
| Application | Netscape | Communicator | 4.76 | All | All | All |
| Application | Netscape | Communicator | 4.77 | All | All | All |
| Application | Netscape | Communicator | 4.78 | All | All | All |
| Application | Netscape | Communicator | 4.0 | All | All | All |
| Application | Netscape | Communicator | 4.06 | All | All | All |
| Application | Netscape | Communicator | 4.07 | All | All | All |
| Application | Netscape | Communicator | 4.08 | All | All | All |
| Application | Netscape | Communicator | 4.4 | All | All | All |
| Application | Netscape | Communicator | 4.5 | All | All | All |
| Application | Netscape | Communicator | 4.51 | All | All | All |
| Application | Netscape | Communicator | 4.5_beta | All | All | All |
| Application | Netscape | Communicator | 4.6 | All | All | All |
| Application | Netscape | Communicator | 4.61 | All | All | All |
| Application | Netscape | Communicator | 4.7 | All | All | All |
| Application | Netscape | Communicator | 4.72 | All | All | All |
| Application | Netscape | Communicator | 4.73 | All | All | All |
| Application | Netscape | Communicator | 4.74 | All | All | All |
| Application | Netscape | Communicator | 4.75 | All | All | All |
| Application | Netscape | Communicator | 4.76 | All | All | All |
| Application | Netscape | Communicator | 4.77 | All | All | All |
| Application | Netscape | Communicator | 4.78 | All | All | All |
| Application | Netscape | Navigator | 4.77 | All | All | All |
| Application | Netscape | Navigator | 6.0 | All | All | All |
| Application | Netscape | Navigator | 6.01 | All | All | All |
| Application | Netscape | Navigator | 6.1 | All | All | All |
| Application | Netscape | Navigator | 6.2 | All | All | All |
| Application | Netscape | Navigator | 4.77 | All | All | All |
| Application | Netscape | Navigator | 6.0 | All | All | All |
| Application | Netscape | Navigator | 6.01 | All | All | All |
| Application | Netscape | Navigator | 6.1 | All | All | All |
| Application | Netscape | Navigator | 6.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ISS X-Force Database: mozilla-netscape-steal-cookies (7973): Mozilla and Netscape Web browsers could allow an attacker to steal cookie-based authentication information | XF | www.iss.net | Patch |
| Neohapsis Archives - Bugtraq - Mozilla Cookie Exploit - From [email protected] | BUGTRAQ | archives.neohapsis.com | Exploit |
| Demo | MISC | alive.znep.com | Exploit |
| Netscape/Mozilla Null Character Cookie Stealing Vulnerability | BID | www.securityfocus.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2006-08-30 | Mark J Cox | Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. |
There are currently no legacy QID mappings associated with this CVE.