Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| galeon | galeon_browser | 1.2.1 |
| netscape | navigator | 6.01 |
| netscape | navigator | 6.2 |
| netscape | navigator | 6.2.2 |
| netscape | navigator | 6.0 |
| galeon | galeon_browser | 1.2 |
| netscape | navigator | 6.1 |
| mozilla | mozilla | 0.9.9 |
| mozilla | mozilla | 1.0 |
| netscape | navigator | 6.2.1 |
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mozilla | mozilla | 0.9.7 |
| mozilla | mozilla | 1.0.1 |
| mozilla | mozilla | 0.9.4 |
| mozilla | mozilla | 1.1 |
| galeon | galeon_browser | 1.2.5 |
| galeon | galeon_browser | 1.2.6 |
| mozilla | mozilla | 0.9.5 |
| mozilla | mozilla | 0.9.6 |
| galeon | galeon_browser | 1.2.4 |
| mozilla | mozilla | 0.9.3 |
| mozilla | mozilla | 0.9.8 |
| mozilla | mozilla | 0.9.9 |