Unrated severityNVD Advisory· Published Aug 12, 2002· Updated Jun 16, 2026

CVE-2002-0815

Description

The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.

Affected products

Microsoft/Internet Explorer2 versions
cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*
- (no CPE)
Mozilla Corporation/Mozilla2 versions
cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*
- (no CPE)
Netscape/Navigator
cpe:2.3:a:netscape:navigator:*:*:*:*:*:*:*:*
Netscape/Netscapellm-fuzzy

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvd
marc.infonvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000