Remote File Reading Vulnerability in Netscape and Mozilla
CVE-2002-0354
Currently unrated
Summary
The XMLHttpRequest object in Netscape 6.1 and Mozilla 0.9.7 has a security flaw that allows remote attackers to read arbitrary files on a client's local system. The attacker has the browser open a URL that redirects to a file on the client, then reads the file's contents through the responseText property, potentially exposing sensitive information. The vulnerability highlights the importance of validating URLs and enforcing access controls on the redirect target, not only on the URL originally requested.