FKIE_CVE-2002-1204

Vulnerability from fkie_nvd - Published: 2002-11-29 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/vulnwatch/2002-q4/0081.html
cve@mitre.orghttp://www.idefense.com/advisory/11.19.02c.txtVendor Advisory
cve@mitre.orghttp://www.iss.net/security_center/static/10655.php
cve@mitre.orghttp://www.securityfocus.com/bid/6215
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0081.html
af854a3a-2127-422b-91ae-364da2661108http://www.idefense.com/advisory/11.19.02c.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/10655.php
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/6215
Impacted products
Vendor Product Version
netscape communicator 4.6
netscape communicator 4.7
netscape communicator 4.61
netscape communicator 4.72
netscape communicator 4.73
netscape communicator 4.74
netscape communicator 4.75
netscape communicator 4.76
netscape communicator 4.77
netscape communicator 4.78
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "529E3F71-6016-461D-A162-0DBDD5505389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "38FD74F5-12ED-4049-B06F-0F22A0254C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AA534C4-9411-44EC-AA34-2287C79AD235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A4E8588-A941-4759-B41C-00F193F2C63B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E48C051-EB45-4262-86C2-2333FD5C7745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA48AF1E-99EF-419C-B425-001C7134C6BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97DE00F-4C73-4C54-918E-D540F2C3297B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A07AD2-2293-443A-9A32-316B832A5276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A823994-786D-41D7-9FA7-FF8058C4AFD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netscape:communicator:4.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4613823-DA14-4BE2-986C-2EED3DB82BA7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netscape Communicator 4.x allows attackers to use a link to steal a user\u0027s preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name."
    },
    {
      "lang": "es",
      "value": "Netscape Communicator 4.x permite a atacantes usar un enlace para robar las preferencias de un usuario, incluyendo informaci\u00f3n potencialmente sensible como historia de URLs, direcciones de correo electr\u00f3nico, y posiblemente sus contrase\u00f1as, mediante la redefinici\u00f3n de la funci\u00f3n user_pref() y accediendo al fichero prefs.js, que est\u00e1 almacenado en un directorio con un nombre predecible."
    }
  ],
  "id": "CVE-2002-1204",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-11-29T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0081.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.idefense.com/advisory/11.19.02c.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/10655.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0081.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.idefense.com/advisory/11.19.02c.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/10655.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6215"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.