Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1357 | 1 Netscape | 1 Communicator | 2016-10-17 | 7.5 HIGH | N/A |
| Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters. | |||||
| CVE-1999-1002 | 1 Netscape | 1 Communicator | 2016-10-17 | 5.0 MEDIUM | N/A |
| Netscape Navigator uses weak encryption for storing a user's Netscape mail password. | |||||
| CVE-1999-0440 | 2 Netscape, Sun | 3 Communicator, Navigator, Java | 2016-10-17 | 7.5 HIGH | N/A |
| The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. | |||||
| CVE-2002-1204 | 1 Netscape | 1 Communicator | 2008-09-10 | 5.0 MEDIUM | N/A |
| Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name. | |||||
| CVE-2000-0676 | 1 Netscape | 1 Communicator | 2008-09-10 | 5.0 MEDIUM | N/A |
| Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice. | |||||
| CVE-2000-0655 | 2 Mozilla, Netscape | 2 Mozilla, Communicator | 2008-09-10 | 5.0 MEDIUM | N/A |
| Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1. | |||||
| CVE-2000-0409 | 1 Netscape | 1 Communicator | 2008-09-10 | 3.7 LOW | N/A |
| Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate. | |||||
| CVE-2000-0406 | 1 Netscape | 1 Communicator | 2008-09-10 | 2.6 LOW | N/A |
| Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability. | |||||
| CVE-1999-0685 | 1 Netscape | 1 Communicator | 2008-09-09 | 5.1 MEDIUM | N/A |
| Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option. | |||||
| CVE-1999-0790 | 1 Netscape | 1 Communicator | 2008-09-09 | 2.6 LOW | N/A |
| A remote attacker can read information from a Netscape user's cache via JavaScript. | |||||
| CVE-2002-2338 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2008-09-05 | 5.0 MEDIUM | N/A |
| The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | |||||
| CVE-2002-2013 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | |||||
| CVE-2002-2308 | 1 Netscape | 1 Communicator | 2008-09-05 | 5.0 MEDIUM | N/A |
| Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself. | |||||
| CVE-2002-0593 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI. | |||||
| CVE-2000-0711 | 2 Microsoft, Netscape | 2 Virtual Machine, Communicator | 2008-09-05 | 7.5 HIGH | N/A |
| Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. | |||||