Vulnerabilities (CVE)

Filtered by vendor Netscape Subscribe
Filtered by product Communicator
Total 35 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-0031 2 Microsoft, Netscape 2 Internet Explorer, Communicator 2024-02-14 2.6 LOW N/A
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
CVE-1999-0790 1 Netscape 1 Communicator 2023-12-10 2.6 LOW N/A
A remote attacker can read information from a Netscape user's cache via JavaScript.
CVE-2002-2308 1 Netscape 1 Communicator 2023-12-10 5.0 MEDIUM N/A
Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself.
CVE-2000-0406 1 Netscape 1 Communicator 2023-12-10 2.6 LOW N/A
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
CVE-2002-2013 2 Mozilla, Netscape 3 Mozilla, Communicator, Navigator 2023-12-10 5.0 MEDIUM N/A
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
CVE-2000-0034 1 Netscape 1 Communicator 2023-12-10 5.0 MEDIUM N/A
Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."
CVE-2000-0087 1 Netscape 2 Communicator, Navigator 2023-12-10 5.0 MEDIUM N/A
Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.
CVE-2002-2338 2 Mozilla, Netscape 3 Mozilla, Communicator, Navigator 2023-12-10 5.0 MEDIUM N/A
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
CVE-1999-0892 1 Netscape 1 Communicator 2023-12-10 4.6 MEDIUM N/A
Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.
CVE-1999-0685 1 Netscape 1 Communicator 2023-12-10 5.1 MEDIUM N/A
Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.
CVE-1999-0425 1 Netscape 1 Communicator 2023-12-10 6.4 MEDIUM N/A
talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.
CVE-2000-0655 2 Mozilla, Netscape 2 Mozilla, Communicator 2023-12-10 5.0 MEDIUM N/A
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
CVE-2000-1187 1 Netscape 2 Communicator, Navigator 2023-12-10 7.5 HIGH N/A
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
CVE-2002-1766 1 Netscape 1 Communicator 2023-12-10 4.6 MEDIUM N/A
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.
CVE-2000-0517 1 Netscape 1 Communicator 2023-12-10 5.0 MEDIUM N/A
Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.
CVE-2000-0409 1 Netscape 1 Communicator 2023-12-10 3.7 LOW N/A
Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.
CVE-1999-1357 1 Netscape 1 Communicator 2023-12-10 7.5 HIGH N/A
Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
CVE-1999-0174 1 Netscape 1 Communicator 2023-12-10 6.4 MEDIUM N/A
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2002-0593 2 Mozilla, Netscape 3 Mozilla, Communicator, Navigator 2023-12-10 7.5 HIGH N/A
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
CVE-1999-0809 1 Netscape 1 Communicator 2023-12-10 5.0 MEDIUM N/A
Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".