CVE-2002-1204 | Vulnerability Database | Aqua Security

Netscape Communicator 4.x allows attackers to use a link to steal a users preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.

Affected Software

Name	Vendor	Start Version	End Version
Communicator	Netscape	4.6 (including)	4.6 (including)
Communicator	Netscape	4.7 (including)	4.7 (including)
Communicator	Netscape	4.61 (including)	4.61 (including)
Communicator	Netscape	4.72 (including)	4.72 (including)
Communicator	Netscape	4.73 (including)	4.73 (including)
Communicator	Netscape	4.74 (including)	4.74 (including)
Communicator	Netscape	4.75 (including)	4.75 (including)
Communicator	Netscape	4.76 (including)	4.76 (including)
Communicator	Netscape	4.77 (including)	4.77 (including)
Communicator	Netscape	4.78 (including)	4.78 (including)

References

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0081.html
http://www.idefense.com/advisory/11.19.02c.txt
http://www.iss.net/security_center/static/10655.php
http://www.securityfocus.com/bid/6215

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-1204
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html