Vulnerabilities > Netscape

DATE CVE VULNERABILITY TITLE RISK
2019-01-31 CVE-2018-18940 Cross-site Scripting vulnerability in Netscape Enterprise Server 3.63
servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string.
network
netscape CWE-79
4.3
2009-07-20 CVE-2009-2542 Resource Management Errors vulnerability in Netscape Navigator 6/8
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
network
netscape CWE-399
4.3
2008-07-08 CVE-2008-2809 Improper Input Validation vulnerability in multiple products
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
network
high complexity
mozilla netscape CWE-20
4.0
2007-07-27 CVE-2007-4042 Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
network
low complexity
microsoft netscape
7.5
2007-07-21 CVE-2007-3924 Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670.
network
microsoft netscape
critical
9.3
2007-03-10 CVE-2007-1377 Resource Exhaustion vulnerability in multiple products
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
network
low complexity
adobe mozilla netscape opera CWE-400
5.0
2006-11-24 CVE-2006-6077 The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
network
low complexity
mozilla netscape
5.0
2006-10-12 CVE-2006-4842 Improper Input Validation vulnerability in multiple products
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
local
low complexity
netscape sun CWE-20
3.6
2006-08-21 CVE-2006-4253 Permissions, Privileges, and Access Controls vulnerability in multiple products
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.
network
high complexity
k-meleon-project mozilla netscape CWE-264
7.6
2006-06-07 CVE-2006-2894 Improper Input Validation vulnerability in multiple products
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
network
high complexity
mozilla netscape CWE-20
4.0