Unrated severityNVD Advisory· Published Jun 25, 2002· Updated Apr 16, 2026

CVE-2002-0354

Description

The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.

Affected products

Mozilla Corporation/Mozilla6 versions
cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0:rc3:*:*:*:*:*:*
- (no CPE)range: <=0.9.7
Netscape/Navigator2 versions
cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*
Netscape/Netscapellm-fuzzy
Range: <=6.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvd
marc.infonvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000