Communicator
by Netscape
CVEs (40)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2000-0711 | 0.06 | — | 0.34 | Oct 20, 2000 | Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. | |||
| CVE-2000-0676 | 0.05 | — | 0.20 | Oct 20, 2000 | Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice. | |||
| CVE-2001-0596 | 0.04 | — | 0.09 | Aug 2, 2001 | Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript. | |||
| CVE-2000-0655 | 0.04 | — | 0.13 | Jul 25, 2000 | Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1. | |||
| CVE-1999-0174 | 0.04 | — | 0.07 | Feb 1, 1997 | The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||
| CVE-2002-1766 | 0.03 | — | 0.01 | Dec 31, 2002 | Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute. | |||
| CVE-2002-2338 | 0.03 | — | 0.04 | Dec 31, 2002 | The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | |||
| CVE-2000-0409 | 0.03 | — | 0.00 | May 10, 2000 | Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate. | |||
| CVE-1999-0685 | 0.03 | — | 0.02 | Sep 2, 1999 | Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option. | |||
| CVE-1999-0031 | 0.01 | — | 0.18 | Jul 8, 1997 | JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability. | |||
| CVE-2019-6566 | 0.00 | — | 0.00 | May 9, 2019 | GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system. | |||
| CVE-2019-6544 | 0.00 | — | 0.01 | May 9, 2019 | GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is… | |||
| CVE-2019-6548 | 0.00 | — | 0.01 | May 9, 2019 | GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user. | |||
| CVE-2019-6546 | 0.00 | — | 0.01 | May 9, 2019 | GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements. | |||
| CVE-2019-6564 | 0.00 | — | 0.00 | May 9, 2019 | GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade. | |||
| CVE-2002-2248 | 0.00 | — | 0.06 | Dec 31, 2002 | Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method. | |||
| CVE-2002-2284 | 0.00 | — | 0.02 | Dec 31, 2002 | Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes. | |||
| CVE-2002-2308 | 0.00 | — | 0.01 | Dec 31, 2002 | Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself. | |||
| CVE-2002-2013 | 0.00 | — | 0.02 | Dec 31, 2002 | Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | |||
| CVE-2002-1204 | 0.00 | — | 0.01 | Nov 29, 2002 | Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file,… |
- CVE-2000-0711Oct 20, 2000risk 0.06cvss —epss 0.34
Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.
- CVE-2000-0676Oct 20, 2000risk 0.05cvss —epss 0.20
Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.
- CVE-2001-0596Aug 2, 2001risk 0.04cvss —epss 0.09
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.
- CVE-2000-0655Jul 25, 2000risk 0.04cvss —epss 0.13
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
- CVE-1999-0174Feb 1, 1997risk 0.04cvss —epss 0.07
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.
- CVE-2002-1766Dec 31, 2002risk 0.03cvss —epss 0.01
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.
- CVE-2002-2338Dec 31, 2002risk 0.03cvss —epss 0.04
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
- CVE-2000-0409May 10, 2000risk 0.03cvss —epss 0.00
Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.
- CVE-1999-0685Sep 2, 1999risk 0.03cvss —epss 0.02
Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.
- CVE-1999-0031Jul 8, 1997risk 0.01cvss —epss 0.18
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
- CVE-2019-6566May 9, 2019risk 0.00cvss —epss 0.00
GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system.
- CVE-2019-6544May 9, 2019risk 0.00cvss —epss 0.01
GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is…
- CVE-2019-6548May 9, 2019risk 0.00cvss —epss 0.01
GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.
- CVE-2019-6546May 9, 2019risk 0.00cvss —epss 0.01
GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.
- CVE-2019-6564May 9, 2019risk 0.00cvss —epss 0.00
GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.
- CVE-2002-2248Dec 31, 2002risk 0.00cvss —epss 0.06
Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.
- CVE-2002-2284Dec 31, 2002risk 0.00cvss —epss 0.02
Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes.
- CVE-2002-2308Dec 31, 2002risk 0.00cvss —epss 0.01
Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself.
- CVE-2002-2013Dec 31, 2002risk 0.00cvss —epss 0.02
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
- CVE-2002-1204Nov 29, 2002risk 0.00cvss —epss 0.01
Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file,…
Page 1 of 2