CVE-2002-1126

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.iss.net/security_center/static/10084.php	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2002-192.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/5694	Exploit Patch Vendor Advisory
http://bugzilla.mozilla.org/show_bug.cgi?id=145579
http://www.redhat.com/support/errata/RHSA-2003-046.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
http://marc.info/?l=bugtraq&m=103176760004720&w=2

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:mozilla:0.9.5:::::::*
	cpe:2.3:a:mozilla:mozilla:0.9.6:::::::*
	cpe:2.3:a:galeon:galeon_browser:1.2.5:::::::*
	cpe:2.3:a:galeon:galeon_browser:1.2.6:::::::*
	cpe:2.3:a:mozilla:mozilla:0.9.9:::::::*
	cpe:2.3:a:mozilla:mozilla:1.0.1:::::::*
	cpe:2.3:a:galeon:galeon_browser:1.2.4:::::::*
	cpe:2.3:a:mozilla:mozilla:0.9.7:::::::*
	cpe:2.3:a:mozilla:mozilla:0.9.8:::::::*
	cpe:2.3:a:mozilla:mozilla:0.9.3:::::::*
	cpe:2.3:a:mozilla:mozilla:0.9.4:::::::*
	cpe:2.3:a:mozilla:mozilla:1.1:::::::*

Information

Published : 2002-09-23 21:00

Updated : 2016-10-17 19:23

NVD link : CVE-2002-1126

Mitre link : CVE-2002-1126

JSON object : View

CWE

NVD-CWE-Other

Products Affected

galeon

galeon_browser

mozilla

mozilla

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.iss.net/security_center/static/10084.php", "name": "mozilla-onunload-url-leak(10084)", "tags": ["Vendor Advisory"], "refsource": "XF"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-192.html", "name": "RHSA-2002:192", "tags": ["Patch", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/5694", "name": "5694", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=145579", "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=145579", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-046.html", "name": "RHSA-2003:046", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075", "name": "MDKSA-2002:075", "tags": [], "refsource": "MANDRAKE"}, {"url": "http://marc.info/?l=bugtraq&m=103176760004720&w=2", "name": "20020911 Privacy leak in mozilla", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-1126", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-09-24T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:galeon:galeon_browser:1.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:galeon:galeon_browser:1.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:galeon:galeon_browser:1.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-10-18T02:23Z"}

2.6 /10