Vulnerability Report

CVE-2002-1204

Title: Netscape Communicator user_pref() function allows stealing sensitive info

Information disclosure

Proof Of Concept

No public PoC currently indexed for CVE-2002-1204.

CWE Category NVD-CWE-noinfo

Published Date Nov 29, 2002

Modified Date Apr 03, 2025

Exploit Status Not Found

Score 5.0 CVSS v2.0

Exploit Probability (EPSS)

0.85%

Vulnerability Summary

CVE-2002-1204: Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.

Impacted Vendors

netscape 1

Reference Links

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0081.html http://www.idefense.com/advisory/11.19.02c.txt http://www.iss.net/security_center/static/10655.php http://www.securityfocus.com/bid/6215 http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0081.html http://www.idefense.com/advisory/11.19.02c.txt http://www.iss.net/security_center/static/10655.php http://www.securityfocus.com/bid/6215

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

5.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:P/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2002-1204 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 03, 2025 MODIFIED

Vulnerability data or affected products updated.

November 29, 2002 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected Stack

No specific products linked.