Unrated severityNVD Advisory· Published Apr 15, 2004· Updated Jun 16, 2026
CVE-2003-0594
CVE-2003-0594
Description
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
18cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
7- archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.htmlnvdExploitVendor Advisory
- lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.htmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2004-112.htmlnvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826nvd
News mentions
0No linked articles in our index yet.