Vulnerabilities > Netscape
|2019-01-31||CVE-2018-18940|| Cross-site Scripting vulnerability in Netscape Enterprise Server 3.63 |
servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string.
| 4.3 |
|2009-07-20||CVE-2009-2542|| Resource Management Errors vulnerability in Netscape Navigator 6/8 |
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
| 4.3 |
|2008-07-08||CVE-2008-2809|| Improper Input Validation vulnerability in multiple products |
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 220.127.116.11, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
| 4.0 |
|2007-07-27||CVE-2007-4042||Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.|| 7.5 |
|2007-07-21||CVE-2007-3924||Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670.|| 9.3 |
|2007-03-10||CVE-2007-1377|| Resource Exhaustion vulnerability in multiple products |
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
| 5.0 |
|2006-11-24||CVE-2006-6077||The (1) Password Manager in Mozilla Firefox 2.0, and 18.104.22.168 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.|| 5.0 |
|2006-10-12||CVE-2006-4842|| Improper Input Validation vulnerability in multiple products |
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
| 3.6 |
|2006-08-21||CVE-2006-4253|| Permissions, Privileges, and Access Controls vulnerability in multiple products |
high complexityk-meleon-project mozilla netscape CWE-264
| 7.6 |
|2006-06-07||CVE-2006-2894|| Improper Input Validation vulnerability in multiple products |
| 4.0 |