CVE-2002-2338

Mozilla - Improper Input Validation

Title source: rule

Description

The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by eldre8 · cdosmultiple

https://www.exploit-db.com/exploits/21539

View Code ZIP pw:eip

References (7)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/276946

[Third Party Advisory, VDB Entry] http://online.securityfocus.com/archive/1/276628

[Various Sources] http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074

[Issue Tracking] http://bugzilla.mozilla.org/show_bug.cgi?id=144228

[Exploit, Patch] http://www.securityfocus.com/bid/5002

[Release Notes] http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html

[Third Party Advisory] http://www.iss.net/security_center/static/9343.php

Scores

EPSS 0.0742

EPSS Percentile 91.8%

Details

CWE

CWE-20

Status published

Products (33)

mozilla/mozilla 0.9.2

mozilla/mozilla 0.9.2.1

mozilla/mozilla 0.9.3

mozilla/mozilla 0.9.4

mozilla/mozilla 0.9.4.1

mozilla/mozilla 0.9.5

mozilla/mozilla 0.9.6

mozilla/mozilla 0.9.7

mozilla/mozilla 0.9.8

mozilla/mozilla 0.9.9

... and 23 more

Published Dec 31, 2002

Tracked Since Feb 18, 2026