CVE-2002-2013
UnknownEPSS 1.63%
Last modified
CVE-2002-2013 is a vulnerability of currently unknown severity. Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.. EPSS estimates a 1.63% chance of exploitation in the next 30 days.
Description
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Mozilla | 0.9.2 |
| Mozilla | Mozilla | 0.9.2.1 |
| Mozilla | Mozilla | 0.9.3 |
| Mozilla | Mozilla | 0.9.4 |
| Mozilla | Mozilla | 0.9.4.1 |
| Mozilla | Mozilla | 0.9.5 |
| Mozilla | Mozilla | 0.9.6 |
| Netscape | Communicator | 4.0 |
| Netscape | Communicator | 4.4 |
| Netscape | Communicator | 4.5 |
| Netscape | Communicator | 4.5_beta |
| Netscape | Communicator | 4.06 |
| Netscape | Communicator | 4.6 |
| Netscape | Communicator | 4.07 |
| Netscape | Communicator | 4.7 |
| Netscape | Communicator | 4.08 |
| Netscape | Communicator | 4.51 |
| Netscape | Communicator | 4.61 |
| Netscape | Communicator | 4.72 |
| Netscape | Communicator | 4.73 |
| Netscape | Communicator | 4.74 |
| Netscape | Communicator | 4.75 |
| Netscape | Communicator | 4.76 |
| Netscape | Communicator | 4.77 |
| Netscape | Communicator | 4.78 |
| Netscape | Navigator | 4.77 |
| Netscape | Navigator | 6.0 |
| Netscape | Navigator | 6.01 |
| Netscape | Navigator | 6.1 |
| Netscape | Navigator | 6.2 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2002-2013?
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
How severe is CVE-2002-2013?
Severity scoring for CVE-2002-2013 is pending analysis. The EPSS model estimates a 1.63% probability of exploitation in the next 30 days.
How do I fix CVE-2002-2013?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2002-2013?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST