Vulnerabilities > Netscape

DATE CVE VULNERABILITY TITLE RISK
2019-01-31 CVE-2018-18940 Cross-Site Scripting vulnerability in Netscape Enterprise Server 3.63
servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string.
network
netscape CWE-79
4.3
2009-07-20 CVE-2009-2542 Resource Management Errors vulnerability in Netscape Navigator 6/8
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
network
netscape CWE-399
4.3
2008-07-08 CVE-2008-2809 Improper Input Validation vulnerability in multiple products
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
network
high complexity
mozilla netscape CWE-20
4.0
2008-07-07 CVE-2008-1676 Credentials Management vulnerability in Netscape Certificate Management System 6.0/6.01/6.1
Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate.
network
low complexity
redhat netscape CWE-255
7.5
2007-07-27 CVE-2007-4042 Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
network
low complexity
microsoft netscape
7.5
2007-07-21 CVE-2007-3924 Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670.
network
microsoft netscape
critical
9.3
2007-03-10 CVE-2007-1377 Denial of Service vulnerability in Adobe Reader AcroPDF.DLL Resource Consumption
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
network
low complexity
adobe mozilla netscape opera-software
5.0
2006-11-24 CVE-2006-6077 The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
network
low complexity
mozilla netscape
5.0
2006-10-12 CVE-2006-4842 Improper Input Validation vulnerability in multiple products
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
local
low complexity
netscape sun CWE-20
3.6
2006-08-21 CVE-2006-4253 Permissions, Privileges, and Access Controls vulnerability in multiple products
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3.
network
high complexity
k-meleon-project mozilla netscape CWE-264
7.6