What is the vulnerability associated with CVE-2002-0354?

CVE-2002-0354 allows remote attackers to read arbitrary files and list directories on a client system by exploiting the XMLHttpRequest object in specific versions of Netscape and Mozilla browsers.

What versions of software are affected by CVE-2002-0354?

CVE-2002-0354 affects Mozilla versions 0.9.7, 1.0-rc1, 1.0-rc2, 1.0-rc3 and Netscape Navigator versions 6.1 and 6.2.

How can I mitigate the risks associated with CVE-2002-0354?

To mitigate CVE-2002-0354, users should upgrade to a newer, secure version of their web browsers that does not contain this vulnerability.

What impact does CVE-2002-0354 have on client systems?

The impact of CVE-2002-0354 is that it can potentially expose sensitive files and directory structures from a user's client system to remote attackers.

What is the exploit mechanism for CVE-2002-0354?

CVE-2002-0354 exploits the XMLHttpRequest object to open a URL that redirects to files on the client system, allowing retrieval of the content via the responseText property.

Vulnerability/
CVE-2002-0354

medium

CWE

NVD-CWE-Other

3/5/2002

8/8/2024

CVE-2002-0354

First published: Fri May 03 2002(Updated: )

The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mozilla Mozilla	=1.0-rc3
Netscape Navigator	=6.2
Mozilla Mozilla	=1.0-rc1
Mozilla Mozilla	=0.9.7
Mozilla Mozilla	=1.0-rc2
Netscape Navigator	=6.1
Mozilla Mozilla	=0.9.9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability associated with CVE-2002-0354?
CVE-2002-0354 allows remote attackers to read arbitrary files and list directories on a client system by exploiting the XMLHttpRequest object in specific versions of Netscape and Mozilla browsers.
What versions of software are affected by CVE-2002-0354?
CVE-2002-0354 affects Mozilla versions 0.9.7, 1.0-rc1, 1.0-rc2, 1.0-rc3 and Netscape Navigator versions 6.1 and 6.2.
How can I mitigate the risks associated with CVE-2002-0354?
To mitigate CVE-2002-0354, users should upgrade to a newer, secure version of their web browsers that does not contain this vulnerability.
What impact does CVE-2002-0354 have on client systems?
The impact of CVE-2002-0354 is that it can potentially expose sensitive files and directory structures from a user's client system to remote attackers.
What is the exploit mechanism for CVE-2002-0354?
CVE-2002-0354 exploits the XMLHttpRequest object to open a URL that redirects to files on the client system, allowing retrieval of the content via the responseText property.

collector/nvd-historical
vendor/mozilla
product/mozilla
canonical/mozilla mozilla
vendor/netscape
product/navigator
canonical/netscape navigator
collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/last-modified-date
agent/author
agent/tags
agent/first-publish-date
agent/event
agent/description
agent/source
version/mozilla mozilla/1.0-rc3
version/netscape navigator/6.2
version/mozilla mozilla/1.0-rc1
version/mozilla mozilla/0.9.7
version/mozilla mozilla/1.0-rc2
version/netscape navigator/6.1
version/mozilla mozilla/0.9.9

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.