Mozilla < 0.9.7 Null Byte Cookie Disclosure (deprecated)

high Nessus Network Monitor Plugin ID 1747

Synopsis

The remote host is using a vulnerable version of the Mozilla web browser.

Description

The remote host is using a version of the Mozilla web browser that may allow an attacker to steal the cookies of the users because of the way Mozilla handles null characters in its URLs.

Solution

Upgrade to Mozilla 0.9.7 or higher.

Plugin Details

Severity: High

ID: 1747

Family: Web Clients

Published: 8/20/2004

Updated: 9/16/2018

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

Vulnerability Information

CPE: cpe:/a:mozilla:mozilla

Reference Information

CVE: CVE-2002-2013

BID: 3925