CVE-2002-0354

Published: Jun 25, 2002Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.

Affected (7)

Products: Mozilla: Mozilla · Netscape: Navigator

1 product

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Mozilla Mozilla	Version 0.9.7
Mozilla Mozilla	Version 0.9.9
Mozilla Mozilla	Version 1.0 rc1
Mozilla Mozilla	Version 1.0 rc2
Mozilla Mozilla	Version 1.0 rc3
Netscape Navigator	Version 6.1
Netscape Navigator	Version 6.2

References (4)

http://marc.info/?l=bugtraq&m=102017952204097&w=2

Source: cve@mitre.org

http://marc.info/?l=ntbugtraq&m=102020343728766&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=102017952204097&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=ntbugtraq&m=102020343728766&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.