Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-2338

CWE-20Improper Input Validation4 documents4 sources
Severity
5.0MEDIUM
EPSS
7.4%
top 8.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Mozilla MozillaNetscape CommunicatorNetscape Navigator
Timeline
PublishedDec 31
Latest updateApr 30

Description

The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDnetscape/communicator16 versions+15
NVDmozilla/mozilla11 versions+10
NVDnetscape/navigator6 versions+5

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-w6p5-vm5x-8m2m: The POP3 mail client in Mozilla 12022-04-30
CVEList
CVE-2002-2338: The POP3 mail client in Mozilla 12007-10-29

💥Exploits & PoCs

1
Exploit-DB
Netscape 4.x/6.x / Mozilla 0.9.x - Malformed Email POP3 Denial of Service2002-06-12
CVE-2002-2338 (MEDIUM CVSS 5) | The POP3 mail client in Mozilla 1.0 | cvebase.io