CVE-2002-1308
published 2002-11-29CVE-2002-1308: Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file…
PriorityP427high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.66%
88.2th percentile
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| netscape | navigator | — | — |
| netscape | navigator | — | — |
| netscape | navigator | — | — |
| netscape | navigator | — | — |
| netscape | navigator | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2002-11-14·CVSS 7.5
CVE-2002-1308 [HIGH] security flaw
security flaw
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
GHSA
GHSA-hrvq-rhp3-7xpc: Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed
ghsa_unreviewed·2022-04-30
CVE-2002-1308 [HIGH] GHSA-hrvq-rhp3-7xpc: Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
No detection rules found.
No public exploits indexed.
http://bugzilla.mozilla.org/show_bug.cgi?id=157646http://marc.info/?l=bugtraq&m=103730181813075&w=2http://www.redhat.com/support/errata/RHSA-2003-162.htmlhttp://www.redhat.com/support/errata/RHSA-2003-163.htmlhttp://www.securityfocus.com/bid/6185https://exchange.xforce.ibmcloud.com/vulnerabilities/10636http://bugzilla.mozilla.org/show_bug.cgi?id=157646http://marc.info/?l=bugtraq&m=103730181813075&w=2http://www.redhat.com/support/errata/RHSA-2003-162.htmlhttp://www.redhat.com/support/errata/RHSA-2003-163.htmlhttp://www.securityfocus.com/bid/6185https://exchange.xforce.ibmcloud.com/vulnerabilities/10636
2002-11-29
Published