Filtered by vendor Netscape
Subscriptions
Total
120 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2004-0905 | 5 Conectiva, Mozilla, Netscape and 2 more | 10 Linux, Firefox, Mozilla and 7 more | 2024-11-21 | N/A |
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. | ||||
CVE-2004-0904 | 4 Conectiva, Mozilla, Netscape and 1 more | 10 Linux, Firefox, Mozilla and 7 more | 2024-11-21 | N/A |
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows. | ||||
CVE-2004-0826 | 4 Hp, Mozilla, Netscape and 1 more | 10 Hp-ux, Network Security Services, Certificate Server and 7 more | 2024-11-21 | N/A |
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message. | ||||
CVE-2004-0722 | 3 Mozilla, Netscape, Redhat | 3 Mozilla, Navigator, Enterprise Linux | 2024-11-21 | N/A |
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. | ||||
CVE-2004-0718 | 4 Firebirdsql, Mozilla, Netscape and 1 more | 4 Firebird, Mozilla, Navigator and 1 more | 2024-11-21 | N/A |
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | ||||
CVE-2004-0528 | 1 Netscape | 1 Navigator | 2024-11-21 | N/A |
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | ||||
CVE-2003-1560 | 1 Netscape | 1 Navigator | 2024-11-21 | N/A |
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | ||||
CVE-2003-1492 | 2 Mozilla, Netscape | 2 Firefox, Navigator | 2024-11-21 | N/A |
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end. | ||||
CVE-2003-1419 | 1 Netscape | 1 Navigator | 2024-11-21 | N/A |
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function. | ||||
CVE-2003-1265 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2024-11-21 | N/A |
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. | ||||
CVE-2003-0553 | 1 Netscape | 1 Navigator | 2024-11-21 | N/A |
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename. | ||||
CVE-2002-2338 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2024-11-21 | N/A |
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message. | ||||
CVE-2002-2308 | 1 Netscape | 1 Communicator | 2024-11-21 | N/A |
Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself. | ||||
CVE-2002-2284 | 1 Netscape | 1 Communicator | 2024-11-21 | N/A |
Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes. | ||||
CVE-2002-2248 | 1 Netscape | 1 Communicator | 2024-11-21 | N/A |
Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method. | ||||
CVE-2002-2061 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2024-11-21 | N/A |
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | ||||
CVE-2002-2013 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2024-11-21 | N/A |
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | ||||
CVE-2002-1766 | 1 Netscape | 1 Communicator | 2024-11-21 | N/A |
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute. | ||||
CVE-2002-1655 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2024-11-21 | N/A |
The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request. | ||||
CVE-2002-1654 | 2 Iplanet, Netscape | 2 Iplanet Web Server, Enterprise Server | 2024-11-21 | N/A |
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection. |