CVE-2002-0354 — Mozilla vulnerability

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 40.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Netscape Navigator

Timeline

PublishedJun 25

Latest updateApr 30

Description

The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/mozilla0.9.7, 0.9.9, 1.0+2

▶NVDnetscape/navigator6.1, 6.2+1

🔴Vulnerability Details

GHSA

GHSA-238g-h6pm-rw9x: The XMLHttpRequest object (XMLHTTP) in Netscape 6↗2022-04-30

▶

CVEList

CVE-2002-0354: The XMLHttpRequest object (XMLHTTP) in Netscape 6↗2002-05-03

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-04-25

▶

💬Community

Bugzilla

CVE-2002-0354 security flaw↗2018-08-16

▶