CVE-2002-0354
Published 2002-06-25
CVE-2002-0354: The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system…
Priority P416 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS 1.04% (59.7th percentile)
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| netscape | navigator | — | — |
| netscape | navigator | — | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_redhat · 5.0 MEDIUM
Red Hat
security flaw
vendor_redhat · 2002-04-25 · CVSS 5.0
CVE-2002-0354 [MEDIUM] security flaw
GHSA
GHSA-238g-h6pm-rw9x: The XMLHttpRequest object (XMLHTTP) in Netscape 6
ghsa_unreviewed · 2022-04-30
CVE-2002-0354 [MEDIUM] GHSA-238g-h6pm-rw9x: The XMLHttpRequest object (XMLHTTP) in Netscape 6
No detection rules found.
No public exploits indexed.
Published: 2002-06-25