CVE-2002-1126
Published 2002-09-24
CVE-2002-1126: Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is…
Priority P48 · low · 2.6 (CVSS 2.0)
AV:N/AC:H/Au:N/C:P/I:N/A:N
EPSS: 1.52% (71.5th percentile)
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| galeon | galeon_browser | — | — |
| galeon | galeon_browser | — | — |
| galeon | galeon_browser | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
CVSS provenance
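| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 2.6 | LOW | — |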
GHSA
GHSA-x37x-6gcq-9wg8: Mozilla 1
ghsa_unreviewed·2022-04-30
Red Hat
security flaw
vendor_redhat·2002-05-19·CVSS 2.6
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2002-1126 security flaw
bugzilla·2018-08-16·CVSS 2.6
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
Bugzilla
CVE-2007-5275 Flash plugin DNS rebinding
bugzilla·2007-11-05·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5275 to the following vulnerability:
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
References:
http://crypto.stanford.edu/dns/dns-rebinding.pdf
Discussion:
Issue was addressed in supported products by:
https://rhn.redhat.com/errata/RHSA-2007-1126.html
http://bugzilla.mozilla.org/show_bug.cgi?id=145579
http://marc.info/?l=bugtraq&m=103176760004720&w=2
http://www.iss.net/security_center/static/10084.php
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
http://www.redhat.com/support/errata/RHSA-2002-192.html
http://www.redhat.com/support/errata/RHSA-2003-046.html
http://www.securityfocus.com/bid/5694
Published: 2002-09-24