Mozilla JavaScript URL Host Spoofing Arbitrary Cookie Disclosure (deprecated)

Medium Nessus Network Monitor Plugin ID 1314


The remote client allows malicious websites to steal 'cookie' data.


The remote host is running a version of the Mozilla browser that may allow script code to access cookie data associated with arbitrary domains. It is reportedly possible to create a JavaScript URL that appears to start with a valid domain. Malicious script code may specify an arbitrary domain and will be able to access cookie data associated with that domain.


Upgrade to Mozilla 1.1 Beta or higher

Plugin Details

Severity: Medium

ID: 1314

Family: SMTP Clients

Published: 2004/08/20

Modified: 2018/09/16

Dependencies: 1330

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Base Score: 5.3

Temporal Score: 4.9


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:mozilla

Reference Information

CVE: CVE-2002-2314

BID: 5293