Vulnerabilities > CVE-2002-1204 - Information Disclosure vulnerability in Netscape User Preferences

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

netscape

NVD

Published: 2002-11-29

Updated: 2008-09-10

Summary

Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.

Vulnerable Configurations

Part	Description	Count
Application	Netscape Netscape Communicator 4.6 Netscape Communicator 4.7 Netscape Communicator 4.61 Netscape Communicator 4.72 Netscape Communicator 4.73 Netscape Communicator 4.74 Netscape Communicator 4.75 Netscape Communicator 4.76 Netscape Communicator 4.77 Netscape Communicator 4.78	10

Summary

Vulnerable Configurations

References