Mozilla < 0.9.7 Null Byte Cookie Disclosure (deprecated)

High Nessus Network Monitor Plugin ID 1747

Synopsis

The remote host is using a vulnerable version of the Mozilla web browser.

Description

The remote host is using a version of the Mozilla web browser that may allow an attacker to steal the cookies of the users because of the way Mozilla handles null characters in its URLs.

Solution

Upgrade to Mozilla 0.9.7 or higher.

Plugin Details

Severity: High

ID: 1747

File Name: 1747.prm

Family: Web Clients

Published: 2004/08/20

Modified: 2015/06/01

Dependencies: 1769

Risk Information

Risk Factor: High

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:mozilla

Reference Information

CVE: CVE-2002-2013

BID: 3925