CVE-2002-1126

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://bugzilla.mozilla.org/show_bug.cgi?id=145579
http://marc.info/?l=bugtraq&m=103176760004720&w=2
http://www.iss.net/security_center/static/10084.php	Vendor Advisory
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
http://www.redhat.com/support/errata/RHSA-2002-192.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-046.html
http://www.securityfocus.com/bid/5694	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:galeon:galeon_browser:1.2.4:::::::*
	cpe:2.3:a:galeon:galeon_browser:1.2.5:::::::*
	cpe:2.3:a:galeon:galeon_browser:1.2.6:::::::*
	cpe:2.3:a:mozilla:mozilla:0.9.3:::::::*
	cpe:2.3:a:mozilla:mozilla:0.9.4:::::::*
	cpe:2.3:a:mozilla:mozilla:0.9.5:::::::*
	cpe:2.3:a:mozilla:mozilla:0.9.6:::::::*
	cpe:2.3:a:mozilla:mozilla:0.9.7:::::::*
	cpe:2.3:a:mozilla:mozilla:0.9.8:::::::*
	cpe:2.3:a:mozilla:mozilla:0.9.9:::::::*
	cpe:2.3:a:mozilla:mozilla:1.0.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.1:::::::*

History

No history.

Information

Published : 2002-09-24 04:00

Updated : 2023-12-10 10:17

NVD link : CVE-2002-1126

Mitre link : CVE-2002-1126

CVE.ORG link : CVE-2002-1126

JSON object : View

Products Affected

galeon

galeon_browser

mozilla

mozilla

CWE

NVD-CWE-Other

{"id": "CVE-2002-1126", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-09-24T04:00:00.000", "references": [{"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=145579", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=103176760004720&w=2", "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/10084.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-192.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-046.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/5694", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler."}], "lastModified": "2016-10-18T02:23:55.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:galeon:galeon_browser:1.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1196F08A-E1AF-41F0-9685-0E54A8409D85"}, {"criteria": "cpe:2.3:a:galeon:galeon_browser:1.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B32DBCE5-7463-4124-A6E1-5D2206F31E0C"}, {"criteria": "cpe:2.3:a:galeon:galeon_browser:1.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "864F6D5C-88BE-4FDB-ABD6-E0AB1C7377BA"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1444C77E-FF98-40E5-9CA9-B4C71B3C9304"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B40771F-30CB-45D0-9EDE-1F13852085B1"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47315EC4-1EED-4070-A087-8E37C8FE6703"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8987151-0901-4547-B750-5DC470BB9CF7"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66A87ED8-9E1F-4C2C-B806-A41765081C9C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}