Navigator
by Netscape
CVEs (47)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-1156 | 0.00 | — | 0.02 | May 2, 2005 | Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1." | |||
| CVE-2004-1160 | 0.00 | — | 0.02 | Jan 10, 2005 | Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site,… | |||
| CVE-2004-1753 | 0.00 | — | 0.02 | Dec 31, 2004 | The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing… | |||
| CVE-2004-0905 | 0.00 | — | 0.03 | Sep 14, 2004 | Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. | |||
| CVE-2004-0718 | 0.00 | — | 0.02 | Jul 27, 2004 | The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame… | |||
| CVE-2003-1265 | 0.00 | — | 0.00 | Dec 31, 2003 | Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. | |||
| CVE-2003-1492 | 0.00 | — | 0.01 | Dec 31, 2003 | Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end. | |||
| CVE-2003-1560 | 0.00 | — | 0.01 | Dec 31, 2003 | Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||
| CVE-2003-0553 | 0.00 | — | 0.03 | Aug 18, 2003 | Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename. | |||
| CVE-2002-2061 | 0.00 | — | 0.03 | Dec 31, 2002 | Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | |||
| CVE-2002-2013 | 0.00 | — | 0.02 | Dec 31, 2002 | Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | |||
| CVE-2002-1308 | 0.00 | — | 0.04 | Nov 29, 2002 | Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. | |||
| CVE-2002-1091 | 0.00 | — | 0.04 | Oct 4, 2002 | Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width. | |||
| CVE-2002-0815 | 0.00 | — | 0.04 | Aug 12, 2002 | The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted… | |||
| CVE-2002-0354 | 0.00 | — | 0.01 | Jun 25, 2002 | The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText… | |||
| CVE-2002-0593 | 0.00 | — | 0.04 | Jun 18, 2002 | Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI. | |||
| CVE-2002-0594 | 0.00 | — | 0.02 | Jun 18, 2002 | Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect. | |||
| CVE-2000-1187 | 0.00 | — | 0.03 | Jan 9, 2001 | Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field. | |||
| CVE-2000-0406 | 0.00 | — | 0.01 | May 10, 2000 | Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL"… | |||
| CVE-2000-0087 | 0.00 | — | 0.01 | Jan 12, 2000 | Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext. |
- CVE-2005-1156May 2, 2005risk 0.00cvss —epss 0.02
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
- CVE-2004-1160Jan 10, 2005risk 0.00cvss —epss 0.02
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site,…
- CVE-2004-1753Dec 31, 2004risk 0.00cvss —epss 0.02
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing…
- CVE-2004-0905Sep 14, 2004risk 0.00cvss —epss 0.03
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
- CVE-2004-0718Jul 27, 2004risk 0.00cvss —epss 0.02
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame…
- CVE-2003-1265Dec 31, 2003risk 0.00cvss —epss 0.00
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
- CVE-2003-1492Dec 31, 2003risk 0.00cvss —epss 0.01
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
- CVE-2003-1560Dec 31, 2003risk 0.00cvss —epss 0.01
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
- CVE-2003-0553Aug 18, 2003risk 0.00cvss —epss 0.03
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
- CVE-2002-2061Dec 31, 2002risk 0.00cvss —epss 0.03
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
- CVE-2002-2013Dec 31, 2002risk 0.00cvss —epss 0.02
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
- CVE-2002-1308Nov 29, 2002risk 0.00cvss —epss 0.04
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
- CVE-2002-1091Oct 4, 2002risk 0.00cvss —epss 0.04
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
- CVE-2002-0815Aug 12, 2002risk 0.00cvss —epss 0.04
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted…
- CVE-2002-0354Jun 25, 2002risk 0.00cvss —epss 0.01
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText…
- CVE-2002-0593Jun 18, 2002risk 0.00cvss —epss 0.04
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
- CVE-2002-0594Jun 18, 2002risk 0.00cvss —epss 0.02
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
- CVE-2000-1187Jan 9, 2001risk 0.00cvss —epss 0.03
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
- CVE-2000-0406May 10, 2000risk 0.00cvss —epss 0.01
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL"…
- CVE-2000-0087Jan 12, 2000risk 0.00cvss —epss 0.01
Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.
Page 2 of 3