CVE-2002-1204
Last modified
CVE-2002-1204 is a vulnerability of currently unknown severity. Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.. EPSS estimates a 1.32% chance of exploitation in the next 30 days.
Description
Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Netscape | Communicator | 4.6 |
| Netscape | Communicator | 4.7 |
| Netscape | Communicator | 4.61 |
| Netscape | Communicator | 4.72 |
| Netscape | Communicator | 4.73 |
| Netscape | Communicator | 4.74 |
| Netscape | Communicator | 4.75 |
| Netscape | Communicator | 4.76 |
| Netscape | Communicator | 4.77 |
| Netscape | Communicator | 4.78 |
References
- http://www.idefense.com/advisory/11.19.02c.txtVendor Advisory
- http://www.idefense.com/advisory/11.19.02c.txtVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2002-1204?
How severe is CVE-2002-1204?
How do I fix CVE-2002-1204?
Are you affected by CVE-2002-1204?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST