Unrated severityNVD Advisory· Published Dec 31, 2002· Updated Apr 16, 2026

CVE-2002-2314

Description

Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.

Affected products

Mozilla Corporation/Mozilla
cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.mozilla.org/show_bug.cginvdExploit
seclists.org/bugtraq/2002/Jul/0260.htmlnvdExploit
www.iss.net/security_center/static/9656.phpnvdExploitPatch
cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.htmlnvd
www.mandrakesoft.com/security/advisoriesnvd
www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.htmlnvd
www.securityfocus.com/bid/5293nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.011
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000