Remote Cookie Theft in Mozilla and Netscape Browsers
CVE-2002-2013

Currently unrated

Key Information:

Vendor: Mozilla
Status: Mozilla; Navigator; Communicator
Vendor: CVE Published:; 31 December 2002

Summary

Older versions of Mozilla and Netscape allow attackers to exploit a vulnerability that enables the remote theft of cookies from unsuspecting users. By crafting a specially designed link containing a hex-encoded null character (%00) followed by the target domain, malicious actors can bypass the security restrictions placed on cross-domain cookie access. This poses significant risks to user privacy and data integrity.

References

http://www.securityfocus.com/bid/3925

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/bugtraq/2002-01/02...

mailing-listx_refsource_BUGTRAQ

http://www.iss.net/security_center/static/7973.php

vdb-entryx_refsource_XF

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 31, 2002