Netscape
Netscape Communications Corporation was an American independent computer services company with headquarters in Mountain View, California, and then Dulles, Virginia. Its Netscape web browser was once dominant but lost to Internet Explorer and other competitors in the first browser war, with its market share falling from more than 90 percent in the mid-1990s to less than one percent in 2006. An early Netscape employee, Brendan Eich, created the JavaScript programming language, the most widely used language for client-side scripting of web pages.
Products
24- 47 CVEs
- 43 CVEs
- 40 CVEs
- 32 CVEs
- 8 CVEs
- 8 CVEs
- 5 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
145| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-0043 | Cri | 0.67 | 9.8 | 0.45 | Dec 4, 1996 | Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. | ||
| CVE-1999-0239 | Hig | 0.52 | 7.5 | 0.07 | Jan 1, 1998 | Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. | ||
| CVE-1999-0012 | Hig | 0.47 | 7.0 | 0.18 | Feb 6, 1998 | Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | ||
| CVE-2005-2265 | 0.08 | — | 0.68 | Jul 13, 2005 | Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string. | |||
| CVE-2000-0711 | 0.06 | — | 0.34 | Oct 20, 2000 | Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. | |||
| CVE-2007-1377 | 0.05 | — | 0.20 | Mar 10, 2007 | AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a… | |||
| CVE-2005-2871 | 0.05 | — | 0.21 | Sep 9, 2005 | Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character… | |||
| CVE-2000-0676 | 0.05 | — | 0.20 | Oct 20, 2000 | Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice. | |||
| CVE-1999-0005 | 0.05 | — | 0.18 | Jul 20, 1998 | Arbitrary command execution via IMAP buffer overflow in authenticate command. | |||
| CVE-1999-0045 | 0.05 | — | 0.26 | Dec 10, 1996 | List of arbitrary files on Web host via nph-test-cgi script. | |||
| CVE-2006-4842 | 0.04 | — | 0.08 | Oct 12, 2006 | The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. | |||
| CVE-2006-4253 | 0.04 | — | 0.14 | Aug 21, 2006 | Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to… | |||
| CVE-2006-2894 | 0.04 | — | 0.10 | Jun 7, 2006 | Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target… | |||
| CVE-2005-4134 | 0.04 | — | 0.13 | Dec 9, 2005 | Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during… | |||
| CVE-2005-0989 | 0.04 | — | 0.10 | May 2, 2005 | The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method. | |||
| CVE-2004-0722 | 0.04 | — | 0.13 | Aug 18, 2004 | Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. | |||
| CVE-2001-0596 | 0.04 | — | 0.09 | Aug 2, 2001 | Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript. | |||
| CVE-2001-0262 | 0.04 | — | 0.07 | Jul 2, 2001 | Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL. | |||
| CVE-2000-0655 | 0.04 | — | 0.13 | Jul 25, 2000 | Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1. | |||
| CVE-1999-1005 | 0.04 | — | 0.08 | Dec 19, 1999 | Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. |
- risk 0.67cvss 9.8epss 0.45
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
- risk 0.52cvss 7.5epss 0.07
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.
- risk 0.47cvss 7.0epss 0.18
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
- CVE-2005-2265Jul 13, 2005risk 0.08cvss —epss 0.68
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
- CVE-2000-0711Oct 20, 2000risk 0.06cvss —epss 0.34
Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.
- CVE-2007-1377Mar 10, 2007risk 0.05cvss —epss 0.20
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a…
- CVE-2005-2871Sep 9, 2005risk 0.05cvss —epss 0.21
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character…
- CVE-2000-0676Oct 20, 2000risk 0.05cvss —epss 0.20
Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.
- CVE-1999-0005Jul 20, 1998risk 0.05cvss —epss 0.18
Arbitrary command execution via IMAP buffer overflow in authenticate command.
- CVE-1999-0045Dec 10, 1996risk 0.05cvss —epss 0.26
List of arbitrary files on Web host via nph-test-cgi script.
- CVE-2006-4842Oct 12, 2006risk 0.04cvss —epss 0.08
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
- CVE-2006-4253Aug 21, 2006risk 0.04cvss —epss 0.14
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to…
- CVE-2006-2894Jun 7, 2006risk 0.04cvss —epss 0.10
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target…
- CVE-2005-4134Dec 9, 2005risk 0.04cvss —epss 0.13
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during…
- CVE-2005-0989May 2, 2005risk 0.04cvss —epss 0.10
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
- CVE-2004-0722Aug 18, 2004risk 0.04cvss —epss 0.13
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
- CVE-2001-0596Aug 2, 2001risk 0.04cvss —epss 0.09
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.
- CVE-2001-0262Jul 2, 2001risk 0.04cvss —epss 0.07
Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.
- CVE-2000-0655Jul 25, 2000risk 0.04cvss —epss 0.13
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
- CVE-1999-1005Dec 19, 1999risk 0.04cvss —epss 0.08
Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.