Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
2002-12-31T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mozilla | mozilla | 0.9.2 | Yes |
| Application | mozilla | mozilla | 0.9.2.1 | Yes |
| Application | mozilla | mozilla | 0.9.3 | Yes |
| Application | mozilla | mozilla | 0.9.4 | Yes |
| Application | mozilla | mozilla | 0.9.4.1 | Yes |
| Application | mozilla | mozilla | 0.9.5 | Yes |
| Application | mozilla | mozilla | 0.9.6 | Yes |
| Application | netscape | communicator | 4.0 | Yes |
| Application | netscape | communicator | 4.4 | Yes |
| Application | netscape | communicator | 4.5 | Yes |
| Application | netscape | communicator | 4.5_beta | Yes |
| Application | netscape | communicator | 4.06 | Yes |
| Application | netscape | communicator | 4.6 | Yes |
| Application | netscape | communicator | 4.07 | Yes |
| Application | netscape | communicator | 4.7 | Yes |
| Application | netscape | communicator | 4.08 | Yes |
| Application | netscape | communicator | 4.51 | Yes |
| Application | netscape | communicator | 4.61 | Yes |
| Application | netscape | communicator | 4.72 | Yes |
| Application | netscape | communicator | 4.73 | Yes |
| Application | netscape | communicator | 4.74 | Yes |
| Application | netscape | communicator | 4.75 | Yes |
| Application | netscape | communicator | 4.76 | Yes |
| Application | netscape | communicator | 4.77 | Yes |
| Application | netscape | communicator | 4.78 | Yes |
| Application | netscape | navigator | 4.77 | Yes |
| Application | netscape | navigator | 6.0 | Yes |
| Application | netscape | navigator | 6.01 | Yes |
| Application | netscape | navigator | 6.1 | Yes |
| Application | netscape | navigator | 6.2 | Yes |