Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2002-1126

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.

Published

2002-09-24T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.6 (LOW)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

4.9

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	galeon	galeon_browser	1.2.4	Yes
Application	galeon	galeon_browser	1.2.5	Yes
Application	galeon	galeon_browser	1.2.6	Yes
Application	mozilla	mozilla	0.9.3	Yes
Application	mozilla	mozilla	0.9.4	Yes
Application	mozilla	mozilla	0.9.5	Yes
Application	mozilla	mozilla	0.9.6	Yes
Application	mozilla	mozilla	0.9.7	Yes
Application	mozilla	mozilla	0.9.8	Yes
Application	mozilla	mozilla	0.9.9	Yes
Application	mozilla	mozilla	1.0.1	Yes
Application	mozilla	mozilla	1.1	Yes

References

http://bugzilla.mozilla.org/show_bug.cgi?id=145579 ([email protected])
http://marc.info/?l=bugtraq&m=103176760004720&w=2 ([email protected])
http://www.iss.net/security_center/static/10084.php Vendor Advisory ([email protected])
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075 ([email protected])
http://www.redhat.com/support/errata/RHSA-2002-192.html Patch, Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2003-046.html ([email protected])
http://www.securityfocus.com/bid/5694 Exploit, Patch, Vendor Advisory ([email protected])
http://bugzilla.mozilla.org/show_bug.cgi?id=145579 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=103176760004720&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://www.iss.net/security_center/static/10084.php Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075 (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2002-192.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2003-046.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/5694 Exploit, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)