Filtered by vendor Netscape
Subscriptions
Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2061 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2025-04-03 | N/A |
| Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | ||||
| CVE-2002-2284 | 1 Netscape | 1 Communicator | 2025-04-03 | N/A |
| Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes. | ||||
| CVE-2004-1160 | 1 Netscape | 1 Navigator | 2025-04-03 | N/A |
| Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | ||||
| CVE-2004-1236 | 2 Netscape, Redhat | 2 Directory Server, Directory Server | 2025-04-03 | N/A |
| Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code. | ||||
| CVE-2003-1265 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2025-04-03 | N/A |
| Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. | ||||
| CVE-2003-1419 | 1 Netscape | 1 Navigator | 2025-04-03 | N/A |
| Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function. | ||||
| CVE-2006-4253 | 4 K-meleon Project, Mozilla, Netscape and 1 more | 4 K-meleon, Firefox, Navigator and 1 more | 2025-04-03 | N/A |
| Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected. | ||||
| CVE-1999-0892 | 1 Netscape | 1 Communicator | 2025-04-03 | N/A |
| Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font. | ||||
| CVE-2002-2308 | 1 Netscape | 1 Communicator | 2025-04-03 | N/A |
| Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself. | ||||
| CVE-2001-0175 | 1 Netscape | 1 Fasttrack Server | 2025-04-03 | N/A |
| The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs. | ||||
| CVE-1999-0269 | 1 Netscape | 1 Enterprise Server | 2025-04-03 | N/A |
| Netscape Enterprise servers may list files through the PageServices query. | ||||
| CVE-2005-1156 | 3 Mozilla, Netscape, Redhat | 4 Firefox, Mozilla, Navigator and 1 more | 2025-04-03 | N/A |
| Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1." | ||||
| CVE-2005-1157 | 3 Mozilla, Netscape, Redhat | 4 Firefox, Mozilla, Navigator and 1 more | 2025-04-03 | N/A |
| Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2." | ||||
| CVE-1999-0045 | 2 Apache, Netscape | 4 Http Server, Commerce Server, Communications Server and 1 more | 2025-04-03 | N/A |
| List of arbitrary files on Web host via nph-test-cgi script. | ||||
| CVE-1999-0141 | 1 Netscape | 1 Navigator | 2025-04-03 | N/A |
| Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet. | ||||
| CVE-1999-0142 | 2 Netscape, Sun | 2 Navigator, Java | 2025-04-03 | N/A |
| The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts. | ||||
| CVE-1999-0174 | 1 Netscape | 1 Communicator | 2025-04-03 | N/A |
| The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. | ||||
| CVE-1999-1130 | 1 Netscape | 1 Enterprise Server | 2025-04-03 | N/A |
| Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file. | ||||
| CVE-1999-1262 | 1 Netscape | 1 Communicator | 2025-04-03 | N/A |
| Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities. | ||||
| CVE-1999-1357 | 1 Netscape | 1 Communicator | 2025-04-03 | N/A |
| Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters. | ||||