Filtered by vendor Netscape
Subscribe
Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0012 | 2 Microsoft, Netscape | 5 Frontpage, Internet Information Server, Personal Web Server and 2 more | 2025-04-09 | 5.0 MEDIUM | 7.0 HIGH |
| Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | |||||
| CVE-2008-1676 | 2 Netscape, Redhat | 2 Certificate Management System, Certificate System | 2025-04-09 | 7.5 HIGH | N/A |
| Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate. | |||||
| CVE-2007-1377 | 4 Adobe, Mozilla, Netscape and 1 more | 4 Acrobat Reader, Firefox, Navigator and 1 more | 2025-04-09 | 5.0 MEDIUM | N/A |
| AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. | |||||
| CVE-2006-4842 | 2 Netscape, Sun | 2 Portable Runtime Api, Solaris | 2025-04-09 | 3.6 LOW | N/A |
| The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. | |||||
| CVE-2007-3924 | 2 Microsoft, Netscape | 2 Internet Explorer, Navigator | 2025-04-09 | 9.3 HIGH | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE. | |||||
| CVE-2006-6077 | 2 Mozilla, Netscape | 2 Firefox, Navigator | 2025-04-09 | 5.0 MEDIUM | N/A |
| The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password. | |||||
| CVE-2008-2809 | 2 Mozilla, Netscape | 4 Firefox, Geckb, Seamonkey and 1 more | 2025-04-09 | 4.0 MEDIUM | N/A |
| Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. | |||||
| CVE-2007-4042 | 2 Microsoft, Netscape | 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | |||||
| CVE-2009-2542 | 1 Netscape | 1 Navigator | 2025-04-09 | 4.3 MEDIUM | N/A |
| Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | |||||
| CVE-2000-0409 | 1 Netscape | 1 Communicator | 2025-04-03 | 3.7 LOW | N/A |
| Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate. | |||||
| CVE-2001-0745 | 1 Netscape | 1 Messanger | 2025-04-03 | 5.0 MEDIUM | N/A |
| Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property. | |||||
| CVE-1999-0827 | 2 Microsoft, Netscape | 3 Ie, Internet Explorer, Navigator | 2025-04-03 | 2.6 LOW | N/A |
| By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. | |||||
| CVE-2003-1419 | 1 Netscape | 1 Navigator | 2025-04-03 | 4.3 MEDIUM | N/A |
| Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function. | |||||
| CVE-2003-1492 | 2 Mozilla, Netscape | 2 Firefox, Navigator | 2025-04-03 | 5.0 MEDIUM | N/A |
| Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end. | |||||
| CVE-2002-1766 | 1 Netscape | 1 Communicator | 2025-04-03 | 4.6 MEDIUM | N/A |
| Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute. | |||||
| CVE-2000-1073 | 1 Netscape | 1 Iplanet Ical | 2025-04-03 | 7.2 HIGH | N/A |
| csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory. | |||||
| CVE-2000-0676 | 1 Netscape | 1 Communicator | 2025-04-03 | 5.0 MEDIUM | N/A |
| Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice. | |||||
| CVE-2000-0711 | 2 Microsoft, Netscape | 2 Virtual Machine, Communicator | 2025-04-03 | 7.5 HIGH | N/A |
| Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. | |||||
| CVE-2001-0251 | 1 Netscape | 1 Enterprise Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Web Publishing feature in Netscape Enterprise Server 3.x allows remote attackers to cause a denial of service via the REVLOG command. | |||||
| CVE-2000-0034 | 1 Netscape | 1 Communicator | 2025-04-03 | 5.0 MEDIUM | N/A |
| Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords." | |||||