CVE-2002-0815 Information

Description

The Javascript \Same Origin Policy\ (SOP) as implemented in (1) Netscape (2) Mozilla and (3) Internet Explorer allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server’s parent DNS domain name to the restricted site loading a page from the restricted site into one frame and passing the information to the attacker-controlled frame which is allowed because the document.domain of the two frames matches on the parent domain.

Reference

http://marc.info/?l=bugtraq&m=102796732924658&w=2 http://marc.info/?l=bugtraq&m=102798282208686&w=2