CVE-2002-0354

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/06/2002
Last modified:
03/04/2025

Description

The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*