CVE-2002-0354

Name of the Vulnerable Software and Affected Versions nautilus-devel versions 1.0.4 nautilus versions 1.0.4 nautilus-mozilla versions 1.0.4 Netscape version 6.1 Mozilla version 0.9.7

Description The issue allows remote attackers to exploit multiple vulnerabilities, potentially leading to a breach of confidentiality, integrity, and availability of protected information. This can be achieved through remote exploitation. Specifically, the XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 enables remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.

Recommendations For nautilus-devel version 1.0.4, update to a version that addresses the vulnerabilities. For nautilus version 1.0.4, update to a version that addresses the vulnerabilities. For nautilus-mozilla version 1.0.4, update to a version that addresses the vulnerabilities. For Netscape version 6.1, consider disabling the XMLHttpRequest object (XMLHTTP) as a temporary workaround until a patch is available. For Mozilla version 0.9.7, consider disabling the XMLHttpRequest object (XMLHTTP) as a temporary workaround until a patch is available.