Vulnerabilities > Netscape > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-07-27 | CVE-2007-4042 | Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | 7.5 |
| 2005-05-02 | CVE-2005-1157 | Remote Script Code Execution vulnerability in Mozilla Suite And Firefox Search Plug-In Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2." | 7.5 |
| 2005-05-02 | CVE-2005-1156 | Remote Script Code Execution vulnerability in Mozilla Suite And Firefox Search Plug-In Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1." | 7.5 |
| 2005-01-10 | CVE-2004-1160 | Remote Window Hijacking vulnerability in Netscape Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | 7.5 |
| 2004-12-31 | CVE-2004-0826 | Remote Heap Overflow vulnerability in Mozilla Network Security Services Library Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message. | 7.5 |
| 2004-07-27 | CVE-2004-0718 | Multiple vulnerability Fixed in SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released - The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | 7.5 |
| 2003-08-18 | CVE-2003-0553 | Remote Security vulnerability in Netscape Navigator 7.0.2 Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename. | 7.5 |
| 2002-12-31 | CVE-2002-2061 | Denial-Of-Service vulnerability in Netscape Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel. | 7.5 |
| 2002-12-31 | CVE-2002-1654 | Authentication Attacks vulnerability in Netscape Enterprise Web Server Brute Force iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection. | 7.5 |
| 2002-11-29 | CVE-2002-1308 | Remote Heap Corruption vulnerability in Netscape/Mozilla JAR Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. | 7.5 |