Vulnerabilities > CVE-2002-1204 - Unspecified vulnerability in Netscape Communicator

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

netscape

NVD

Published: 2002-11-29

Updated: 2024-11-20

Summary

Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.

Vulnerable Configurations

Part	Description	Count
Application	Netscape Netscape Communicator 4.76 Netscape Communicator 4.77 Netscape Communicator 4.61 Netscape Communicator 4.73 Netscape Communicator 4.7 Netscape Communicator 4.78 Netscape Communicator 4.74 Netscape Communicator 4.72 Netscape Communicator 4.75 Netscape Communicator 4.6	10

References

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0081.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0081.html
http://www.idefense.com/advisory/11.19.02c.txt
http://www.idefense.com/advisory/11.19.02c.txt
http://www.iss.net/security_center/static/10655.php
http://www.iss.net/security_center/static/10655.php
http://www.securityfocus.com/bid/6215
http://www.securityfocus.com/bid/6215