Vendor CVEs
Netscape
All CVEs
145 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-0043 | Cri | 0.67 | 9.8 | 0.45 | Dec 4, 1996 | Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. | ||
| CVE-1999-0239 | Hig | 0.52 | 7.5 | 0.07 | Jan 1, 1998 | Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. | ||
| CVE-1999-0012 | Hig | 0.47 | 7.0 | 0.18 | Feb 6, 1998 | Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | ||
| CVE-2005-2265 | 0.08 | — | 0.68 | Jul 13, 2005 | Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string. | |||
| CVE-2000-0711 | 0.06 | — | 0.34 | Oct 20, 2000 | Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. | |||
| CVE-2007-1377 | 0.05 | — | 0.20 | Mar 10, 2007 | AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a… | |||
| CVE-2005-2871 | 0.05 | — | 0.21 | Sep 9, 2005 | Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character… | |||
| CVE-2000-0676 | 0.05 | — | 0.20 | Oct 20, 2000 | Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice. | |||
| CVE-1999-0005 | 0.05 | — | 0.18 | Jul 20, 1998 | Arbitrary command execution via IMAP buffer overflow in authenticate command. | |||
| CVE-1999-0045 | 0.05 | — | 0.26 | Dec 10, 1996 | List of arbitrary files on Web host via nph-test-cgi script. | |||
| CVE-2006-4842 | 0.04 | — | 0.08 | Oct 12, 2006 | The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. | |||
| CVE-2006-4253 | 0.04 | — | 0.14 | Aug 21, 2006 | Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to… | |||
| CVE-2006-2894 | 0.04 | — | 0.10 | Jun 7, 2006 | Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target… | |||
| CVE-2005-4134 | 0.04 | — | 0.13 | Dec 9, 2005 | Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during… | |||
| CVE-2005-0989 | 0.04 | — | 0.10 | May 2, 2005 | The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method. | |||
| CVE-2004-0722 | 0.04 | — | 0.13 | Aug 18, 2004 | Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. | |||
| CVE-2001-0596 | 0.04 | — | 0.09 | Aug 2, 2001 | Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript. | |||
| CVE-2001-0262 | 0.04 | — | 0.07 | Jul 2, 2001 | Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL. | |||
| CVE-2000-0655 | 0.04 | — | 0.13 | Jul 25, 2000 | Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1. | |||
| CVE-1999-1005 | 0.04 | — | 0.08 | Dec 19, 1999 | Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. | |||
| CVE-1999-0869 | 0.04 | — | 0.17 | Dec 1, 1998 | Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing. | |||
| CVE-1999-0174 | 0.04 | — | 0.07 | Feb 1, 1997 | The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||
| CVE-2006-0496 | 0.03 | — | 0.03 | Feb 1, 2006 | Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS… | |||
| CVE-2004-0528 | 0.03 | — | 0.02 | Aug 6, 2004 | Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | |||
| CVE-2003-1419 | 0.03 | — | 0.02 | Dec 31, 2003 | Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function. | |||
| CVE-2002-2338 | 0.03 | — | 0.04 | Dec 31, 2002 | The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | |||
| CVE-2002-1766 | 0.03 | — | 0.01 | Dec 31, 2002 | Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute. | |||
| CVE-2002-1042 | 0.03 | — | 0.04 | Oct 4, 2002 | Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat… | |||
| CVE-2000-1196 | 0.03 | — | 0.04 | Aug 31, 2001 | PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter. | |||
| CVE-2001-0250 | 0.03 | — | 0.03 | Jun 2, 2001 | The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command. | |||
| CVE-2000-1075 | 0.03 | — | 0.06 | Dec 11, 2000 | Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services. | |||
| CVE-2000-1072 | 0.03 | — | 0.01 | Dec 11, 2000 | iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse. | |||
| CVE-2000-1074 | 0.03 | — | 0.04 | Dec 11, 2000 | csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory. | |||
| CVE-2000-0577 | 0.03 | — | 0.05 | Jun 21, 2000 | Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||
| CVE-2000-0409 | 0.03 | — | 0.00 | May 10, 2000 | Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate. | |||
| CVE-2000-0236 | 0.03 | — | 0.06 | Mar 17, 2000 | Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump. | |||
| CVE-1999-0744 | 0.03 | — | 0.03 | Jan 4, 2000 | Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request. | |||
| CVE-1999-1532 | 0.03 | — | 0.02 | Oct 29, 1999 | Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands. | |||
| CVE-1999-0751 | 0.03 | — | 0.05 | Sep 13, 1999 | Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. | |||
| CVE-1999-0685 | 0.03 | — | 0.02 | Sep 2, 1999 | Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option. | |||
| CVE-1999-1130 | 0.03 | — | 0.03 | Jul 30, 1999 | Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file. | |||
| CVE-1999-0752 | 0.03 | — | 0.05 | Jul 6, 1999 | Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. | |||
| CVE-1999-0269 | 0.03 | — | 0.05 | Aug 1, 1998 | Netscape Enterprise servers may list files through the PageServices query. | |||
| CVE-2004-0826 | 0.02 | — | 0.23 | Dec 31, 2004 | Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message. | |||
| CVE-2002-0076 | 0.02 | — | 0.27 | Mar 19, 2002 | Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape… | |||
| CVE-2007-4042 | 0.01 | — | 0.10 | Jul 27, 2007 | Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | |||
| CVE-2007-3924 | 0.01 | — | 0.14 | Jul 21, 2007 | Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome… | |||
| CVE-2004-1236 | 0.01 | — | 0.09 | Dec 31, 2004 | Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code. | |||
| CVE-2004-0904 | 0.01 | — | 0.08 | Dec 31, 2004 | Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. | |||
| CVE-2002-0058 | 0.01 | — | 0.09 | Mar 15, 2002 | Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and… |
- risk 0.67cvss 9.8epss 0.45
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
- risk 0.52cvss 7.5epss 0.07
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.
- risk 0.47cvss 7.0epss 0.18
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
- CVE-2005-2265Jul 13, 2005risk 0.08cvss —epss 0.68
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
- CVE-2000-0711Oct 20, 2000risk 0.06cvss —epss 0.34
Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.
- CVE-2007-1377Mar 10, 2007risk 0.05cvss —epss 0.20
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a…
- CVE-2005-2871Sep 9, 2005risk 0.05cvss —epss 0.21
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character…
- CVE-2000-0676Oct 20, 2000risk 0.05cvss —epss 0.20
Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.
- CVE-1999-0005Jul 20, 1998risk 0.05cvss —epss 0.18
Arbitrary command execution via IMAP buffer overflow in authenticate command.
- CVE-1999-0045Dec 10, 1996risk 0.05cvss —epss 0.26
List of arbitrary files on Web host via nph-test-cgi script.
- CVE-2006-4842Oct 12, 2006risk 0.04cvss —epss 0.08
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
- CVE-2006-4253Aug 21, 2006risk 0.04cvss —epss 0.14
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to…
- CVE-2006-2894Jun 7, 2006risk 0.04cvss —epss 0.10
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target…
- CVE-2005-4134Dec 9, 2005risk 0.04cvss —epss 0.13
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during…
- CVE-2005-0989May 2, 2005risk 0.04cvss —epss 0.10
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
- CVE-2004-0722Aug 18, 2004risk 0.04cvss —epss 0.13
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
- CVE-2001-0596Aug 2, 2001risk 0.04cvss —epss 0.09
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.
- CVE-2001-0262Jul 2, 2001risk 0.04cvss —epss 0.07
Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.
- CVE-2000-0655Jul 25, 2000risk 0.04cvss —epss 0.13
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
- CVE-1999-1005Dec 19, 1999risk 0.04cvss —epss 0.08
Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.
- CVE-1999-0869Dec 1, 1998risk 0.04cvss —epss 0.17
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
- CVE-1999-0174Feb 1, 1997risk 0.04cvss —epss 0.07
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.
- CVE-2006-0496Feb 1, 2006risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS…
- CVE-2004-0528Aug 6, 2004risk 0.03cvss —epss 0.02
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
- CVE-2003-1419Dec 31, 2003risk 0.03cvss —epss 0.02
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
- CVE-2002-2338Dec 31, 2002risk 0.03cvss —epss 0.04
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
- CVE-2002-1766Dec 31, 2002risk 0.03cvss —epss 0.01
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.
- CVE-2002-1042Oct 4, 2002risk 0.03cvss —epss 0.04
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat…
- CVE-2000-1196Aug 31, 2001risk 0.03cvss —epss 0.04
PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter.
- CVE-2001-0250Jun 2, 2001risk 0.03cvss —epss 0.03
The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command.
- CVE-2000-1075Dec 11, 2000risk 0.03cvss —epss 0.06
Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.
- CVE-2000-1072Dec 11, 2000risk 0.03cvss —epss 0.01
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.
- CVE-2000-1074Dec 11, 2000risk 0.03cvss —epss 0.04
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.
- CVE-2000-0577Jun 21, 2000risk 0.03cvss —epss 0.05
Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
- CVE-2000-0409May 10, 2000risk 0.03cvss —epss 0.00
Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.
- CVE-2000-0236Mar 17, 2000risk 0.03cvss —epss 0.06
Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump.
- CVE-1999-0744Jan 4, 2000risk 0.03cvss —epss 0.03
Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.
- CVE-1999-1532Oct 29, 1999risk 0.03cvss —epss 0.02
Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands.
- CVE-1999-0751Sep 13, 1999risk 0.03cvss —epss 0.05
Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.
- CVE-1999-0685Sep 2, 1999risk 0.03cvss —epss 0.02
Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.
- CVE-1999-1130Jul 30, 1999risk 0.03cvss —epss 0.03
Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.
- CVE-1999-0752Jul 6, 1999risk 0.03cvss —epss 0.05
Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.
- CVE-1999-0269Aug 1, 1998risk 0.03cvss —epss 0.05
Netscape Enterprise servers may list files through the PageServices query.
- CVE-2004-0826Dec 31, 2004risk 0.02cvss —epss 0.23
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
- CVE-2002-0076Mar 19, 2002risk 0.02cvss —epss 0.27
Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape…
- CVE-2007-4042Jul 27, 2007risk 0.01cvss —epss 0.10
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
- CVE-2007-3924Jul 21, 2007risk 0.01cvss —epss 0.14
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome…
- CVE-2004-1236Dec 31, 2004risk 0.01cvss —epss 0.09
Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code.
- CVE-2004-0904Dec 31, 2004risk 0.01cvss —epss 0.08
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
- CVE-2002-0058Mar 15, 2002risk 0.01cvss —epss 0.09
Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and…
Page 1 of 3