CVE-2002-2359

Mozilla 1.0 - Cross-Site Scripting via FTP URL Title Tag

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2359. PoCs published by Eiji James Yoshida.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Mozilla's handling of FTP directory listings. The vulnerability allows an attacker to inject JavaScript code via a crafted FTP URL, which is then executed when the victim views the FTP site content.

Description

Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Eiji James Yoshida · textremoteunix

https://www.exploit-db.com/exploits/21682

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Mozilla's handling of FTP directory listings. The vulnerability allows an attacker to inject JavaScript code via a crafted FTP URL, which is then executed when the victim views the FTP site content.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Mozilla (versions affected by CVE-2002-2359)

No auth needed

Prerequisites: Victim must click on a crafted FTP URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5403

Issue Tracking x_refsource_misc

http://bugzilla.mozilla.org/show_bug.cgi?id=154030

Third Party Advisory mailing-list x_refsource_vulnwatch

http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9757.php

Scores

EPSS 0.0378

EPSS Percentile 88.6%

Details

CWE

CWE-79

Status published

Products (2)

mozilla/mozilla 1.0 (3 CPE variants)

mozilla/mozilla 1.1 alpha

Published Dec 31, 2002

Tracked Since Feb 18, 2026