CVE-2002-0594 in Navigator
Summary
by MITRE
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 09/15/2025
This vulnerability exists in Netscape 6 and Mozilla 1.0 RC1 and earlier versions where a maliciously crafted CSS page can exploit a flaw in how these browsers handle LINK elements within stylesheet files. The technical implementation involves a CSS page containing a LINK element that references a remote resource, which triggers an HTTP redirect mechanism that can be manipulated to reveal file existence on the client system. When a browser processes such a CSS file, it attempts to resolve the referenced resource and follows any redirects that occur during this process. The vulnerability stems from the browser's insufficient validation of redirect responses, particularly when these redirects are triggered by CSS processing rather than direct user navigation. This allows an attacker to craft a CSS page that, when loaded by an unsuspecting user, can probe the local file system by observing whether specific files exist or not, effectively creating a file enumeration attack vector. The flaw operates at the application layer and specifically affects the browser's handling of external resources referenced through CSS, making it particularly dangerous as it can be exploited through web-based attacks without requiring any special privileges from the user. This vulnerability is categorized under CWE-200 Information Exposure and relates to improper input validation in web browser implementations. The attack vector leverages the browser's HTTP client functionality to perform reconnaissance on the local system, essentially allowing an attacker to determine if specific files are present on the target machine. The impact extends beyond simple information disclosure as it provides attackers with valuable reconnaissance data that can be used to plan more sophisticated attacks against the victim's system. According to ATT&CK framework, this vulnerability maps to T1083 File and Directory Discovery and T1566 Phishing, as it enables attackers to gather system information through deceptive web content. The vulnerability affects the confidentiality and integrity of the user's system as it allows unauthorized enumeration of local files that should remain hidden from remote attackers. Security researchers have identified that the root cause lies in the browser's failure to properly sanitize redirect responses during CSS processing, particularly when these responses are generated by HTTP redirects that occur during resource loading. The exploitation requires no special user interaction beyond viewing a malicious webpage, making it particularly dangerous in phishing campaigns or targeted attacks where an attacker can determine which files exist on the victim's system. The vulnerability represents a classic case of insecure direct object reference where the browser's handling of external resources creates an unintended information disclosure channel. This flaw demonstrates the importance of proper input validation and the need for robust handling of HTTP responses in web browser implementations, as the vulnerability essentially allows attackers to bypass normal file system access controls through indirect means. The security implications extend to potential privilege escalation scenarios where an attacker might use the discovered file information to target specific applications or system components that are known to be present on the victim's system. Organizations using affected browser versions should consider immediate mitigation strategies including disabling CSS processing for untrusted content, implementing strict content security policies, and applying available patches or updates to eliminate this vulnerability. The flaw highlights the critical need for web browser vendors to implement comprehensive validation of HTTP responses and redirects, particularly in scenarios involving external resource loading through CSS and other web technologies.