CVE-2002-2013

CWE-129 — Improper Array Index Validation CWE-122 — Heap-based Buffer Overflow11 documents6 sources

Severity

5.0MEDIUM

EPSS

0.5%

top 35.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Mozilla Netscape Communicator Netscape Navigator

Timeline

PublishedDec 31

Latest updateApr 30

Description

Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/mozilla7 versions+6

▶NVDnetscape/navigator5 versions+4

▶NVDnetscape/communicator18 versions+17

Patches

Patch: www.iss.net ↗Patch: www.securityfocus.com ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-gf6p-gjjg-j6pg: Mozilla 0↗2022-04-30

▶

CVEList

CVE-2002-2013: Mozilla 0↗2005-07-14

▶

💥Exploits & PoCs

Exploit-DB

ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)↗2018-11-14

▶

Exploit-DB

Webuzo 2.1.3 - Multiple Vulnerabilities↗2014-02-28

▶

Exploit-DB

Winamp 5.63 - 'winamp.ini' Local Overflow↗2013-08-26

▶

Exploit-DB

Light HTTPd 0.1 (Windows) - Remote Buffer Overflow↗2013-04-25

▶

📋Vendor Advisories

Red Hat

libXt: Array Index error leading to heap-based OOB write↗2013-05-23

▶

Red Hat

CVE-2002-2013: Mozilla 0↗

▶

💬Community

Bugzilla

CVE-2013-2002 libXt: Array Index error leading to heap-based OOB write↗2013-05-07

▶