Mozilla JavaScript URL Host Spoofing Arbitrary Cookie Disclosure (deprecated)

Medium Nessus Network Monitor Plugin ID 1314

Synopsis

The remote client allows malicious websites to steal 'cookie' data.

Description

The remote host is running a version of the Mozilla browser that may allow script code to access cookie data associated with arbitrary domains. It is reportedly possible to create a JavaScript URL that appears to start with a valid domain. Malicious script code may specify an arbitrary domain and will then be able to access cookie data associated with that domain.

Solution

Upgrade to Mozilla 1.1 Beta or higher

Plugin Details

Severity: Medium

ID: 1314

Family: SMTP Clients

Published: 2004/08/20

Modified: 2018/09/16

Dependencies: 1330

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:mozilla

Reference Information

CVE: CVE-2002-2314

BID: 5293