Published: 2002-12-31 00:00:00
Last revised: 2008-09-05 16:32:54

[Original] Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.

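[CNNVD] Mozilla JavaScript URL Host Spoofing Arbitrary Cookie Access Vulnerability (CNNVD-200212-365)

        A vulnerability exists in Mozilla 1.0. A remote attacker can steal cookies from other domains by using a javascript: URL that begins with "//" and ends with a newline, which causes the host/path check to fail.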

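- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker does not need internal network access or local access]
Authentication: NONE [exploitation requires no authentication]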

- CWE (Weakness Category)

CWE-20 [Improper Input Validation]

- CPE (Affected Platforms and Products)


- OVAL (Technical Details for Detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(PATCH)  XF  mozilla-javascript-steal-cookies(9656)
(UNKNOWN)  BID  5293
(UNKNOWN)  BUGTRAQ  20020724 Mozilla cookie stealing - Sandblad advisory #9
(UNKNOWN)  BUGTRAQ  20020918 Mozilla vulnerabilities, an update

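- Vulnerability information

Mozilla JavaScript URL Host Spoofing Arbitrary Cookie Access Vulnerability
Medium severity  Access validation error
2002-12-31 00:00:00 2002-12-31 00:00:00
        A vulnerability exists in Mozilla 1.0. A remote attacker can steal cookies from other domains by using a javascript: URL that begins with "//" and ends with a newline, which causes the host/path check to fail.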

- Advisories and patches

        This issue is resolved in Mozilla Browser 1.1. Users are urged to upgrade to the newest version of Mozilla.
        Mozilla Browser 0.9.2
        Mozilla Browser 0.9.2 .1
        Mozilla Browser 0.9.3
        Mozilla Browser 0.9.4
        Mozilla Browser 0.9.4 .1
        Mozilla Browser 0.9.5
        Mozilla Browser 0.9.6
        Mozilla Browser 0.9.7
        Mozilla Browser 0.9.8
        Mozilla Browser 0.9.9
        Mozilla Browser 1.0 RC2
        Mozilla Browser 1.0
        Mozilla Browser 1.0 RC1

- Vulnerability information (21638)

Mozilla 0.9.x/1.0 JavaScript URL Host Spoofing Arbitrary Cookie Access Vulnerability (EDBID:21638)
multiple remote
2002-07-24 Verified
0 Andreas Sandblad
N/A [click to download]

Mozilla is an open source web browser available for a number of platforms, including Microsoft Windows and Linux. An issue has been reported in the Mozilla web browser which may allow script code to access cookie data associated with arbitrary domains.

It has been reported possible to create a javascript: URL which appears to start with a valid domain. Malicious script code may specify an arbitrary domain, and will be able to access cookie data associated with that domain.

Exploitation of this vulnerability may result in a remote attacker gaining access to sensitive cookie data, including authentication credentials.

Title: Mozilla cookie stealing/spoofing
Date: [2002-07-24]
Impact: Steal/spoof arbitrary cookie using javascript: URLs
Author: Andreas Sandblad
This demo will display your google cookie (must exist).

<body onload=init()>
<iframe name=f height=0 width=0 style=visibility:hidden></iframe>
<script>
function init(){
f.location = "javascript://\n"+
"'<body onload=alert(document.cookie)>'";
}
</script>
</body>

- Vulnerability information

Mozilla Crafted Javascript URI Cross-domain Cookie Disclosure
Remote / Network Access, Context Dependent Information Disclosure
Loss of Confidentiality
Vendor Verified

- Vulnerability description

- Timeline

2002-07-24 Unknown
2002-07-24 Unknown

- Solution


Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete