Vulnerability Details : CVE-2002-1204
Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.
Exploit prediction scoring system (EPSS) score for CVE-2002-1204
Probability of exploitation activity in the next 30 days: 0.36%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-1204
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2002-1204
Products affected by CVE-2002-1204
- cpe:2.3:a:netscape:communicator:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:netscape:communicator:4.61:*:*:*:*:*:*:*
- cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:netscape:communicator:4.72:*:*:*:*:*:*:*
- cpe:2.3:a:netscape:communicator:4.73:*:*:*:*:*:*:*
- cpe:2.3:a:netscape:communicator:4.74:*:*:*:*:*:*:*
- cpe:2.3:a:netscape:communicator:4.75:*:*:*:*:*:*:*
- cpe:2.3:a:netscape:communicator:4.77:*:*:*:*:*:*:*
- cpe:2.3:a:netscape:communicator:4.76:*:*:*:*:*:*:*
- cpe:2.3:a:netscape:communicator:4.78:*:*:*:*:*:*:*