CVE-2002-2314

N/A Unknown

Published: December 31, 2002 Modified: April 16, 2026

Description

Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://bugzilla.mozilla.org/show_bug.cgi?id=152725

Source: cve@mitre.org

Exploit

http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html

Source: cve@mitre.org

http://seclists.org/bugtraq/2002/Jul/0260.html

Source: cve@mitre.org

Exploit

http://www.iss.net/security_center/static/9656.php

Source: cve@mitre.org

Exploit Patch

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074

Source: cve@mitre.org

http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/5293

Source: cve@mitre.org

http://bugzilla.mozilla.org/show_bug.cgi?id=152725