Vulnerabilities > Netscape > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-10-12 | CVE-2006-4842 | Improper Input Validation vulnerability in multiple products The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. | 3.6 |
| 2004-12-31 | CVE-2004-1753 | The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. | 2.6 |
| 2003-12-31 | CVE-2003-1265 | Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. | 2.1 |
| 2001-11-21 | CVE-2001-0921 | Unspecified vulnerability in Netscape Communicator Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext. | 2.1 |
| 2000-05-10 | CVE-2000-0406 | Unspecified vulnerability in Netscape Communicator Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability. | 2.6 |
| 2000-05-10 | CVE-2000-0409 | Unspecified vulnerability in Netscape Communicator Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate. | 3.7 |
| 2000-04-01 | CVE-1999-0790 | Unspecified vulnerability in Netscape Communicator 4.0 A remote attacker can read information from a Netscape user's cache via JavaScript. | 2.6 |
| 1999-11-01 | CVE-1999-0827 | By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. | 2.6 |
| 1999-10-28 | CVE-1999-1226 | Unspecified vulnerability in Netscape Communicator Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. | 2.6 |
| 1999-05-24 | CVE-1999-0762 | Unspecified vulnerability in Netscape Communicator and Navigator When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information. | 2.6 |