Netscape
by Netscape
CVEs (44)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1160 | 0.00 | — | 0.01 | Jan 10, 2005 | Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site,… | |||
| CVE-2004-0718 | 0.00 | — | 0.02 | Jul 27, 2004 | The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame… | |||
| CVE-2003-1560 | 0.00 | — | 0.00 | Dec 31, 2003 | Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||
| CVE-2003-1265 | 0.00 | — | 0.00 | Dec 31, 2003 | Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. | |||
| CVE-2002-2061 | 0.00 | — | 0.03 | Dec 31, 2002 | Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | |||
| CVE-2002-2248 | 0.00 | — | 0.05 | Dec 31, 2002 | Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method. | |||
| CVE-2002-2013 | 0.00 | — | 0.00 | Dec 31, 2002 | Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | |||
| CVE-2002-1126 | 0.00 | — | 0.01 | Sep 24, 2002 | Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs,… | |||
| CVE-2002-0354 | 0.00 | — | 0.00 | Jun 25, 2002 | The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText… | |||
| CVE-2002-0594 | 0.00 | — | 0.02 | Jun 18, 2002 | Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect. | |||
| CVE-2002-0593 | 0.00 | — | 0.03 | Jun 18, 2002 | Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI. | |||
| CVE-2002-0076 | 0.00 | — | 0.01 | Mar 19, 2002 | Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape… | |||
| CVE-2002-0058 | 0.00 | — | 0.03 | Mar 15, 2002 | Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and… | |||
| CVE-2001-0921 | 0.00 | — | 0.00 | Nov 21, 2001 | Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext. | |||
| CVE-2001-0745 | 0.00 | — | 0.01 | Oct 18, 2001 | Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property. | |||
| CVE-2001-1066 | 0.00 | — | 0.00 | Aug 31, 2001 | ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2000-1187 | 0.00 | — | 0.01 | Jan 9, 2001 | Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field. | |||
| CVE-2000-0517 | 0.00 | — | 0.01 | May 26, 2000 | Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS… | |||
| CVE-1999-0790 | 0.00 | — | 0.00 | Apr 1, 2000 | A remote attacker can read information from a Netscape user's cache via JavaScript. | |||
| CVE-2000-0034 | 0.00 | — | 0.01 | Dec 22, 1999 | Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords." |
- CVE-2004-1160Jan 10, 2005risk 0.00cvss —epss 0.01
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site,…
- CVE-2004-0718Jul 27, 2004risk 0.00cvss —epss 0.02
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame…
- CVE-2003-1560Dec 31, 2003risk 0.00cvss —epss 0.00
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
- CVE-2003-1265Dec 31, 2003risk 0.00cvss —epss 0.00
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
- CVE-2002-2061Dec 31, 2002risk 0.00cvss —epss 0.03
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
- CVE-2002-2248Dec 31, 2002risk 0.00cvss —epss 0.05
Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.
- CVE-2002-2013Dec 31, 2002risk 0.00cvss —epss 0.00
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
- CVE-2002-1126Sep 24, 2002risk 0.00cvss —epss 0.01
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs,…
- CVE-2002-0354Jun 25, 2002risk 0.00cvss —epss 0.00
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText…
- CVE-2002-0594Jun 18, 2002risk 0.00cvss —epss 0.02
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
- CVE-2002-0593Jun 18, 2002risk 0.00cvss —epss 0.03
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
- CVE-2002-0076Mar 19, 2002risk 0.00cvss —epss 0.01
Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape…
- CVE-2002-0058Mar 15, 2002risk 0.00cvss —epss 0.03
Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and…
- CVE-2001-0921Nov 21, 2001risk 0.00cvss —epss 0.00
Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.
- CVE-2001-0745Oct 18, 2001risk 0.00cvss —epss 0.01
Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property.
- CVE-2001-1066Aug 31, 2001risk 0.00cvss —epss 0.00
ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.
- CVE-2000-1187Jan 9, 2001risk 0.00cvss —epss 0.01
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
- CVE-2000-0517May 26, 2000risk 0.00cvss —epss 0.01
Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS…
- CVE-1999-0790Apr 1, 2000risk 0.00cvss —epss 0.00
A remote attacker can read information from a Netscape user's cache via JavaScript.
- CVE-2000-0034Dec 22, 1999risk 0.00cvss —epss 0.01
Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."
Page 2 of 3