Netscape Communicator vulnerabilities

CVE-1999-0892 [MEDIUM] CVE-1999-0892: Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less th Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.

CVE-2000-0034 [MEDIUM] CVE-2000-0034: Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even i Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."

CVE-1999-1189 [HIGH] CVE-1999-1189: Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote a Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.

CVE-1999-1226 [LOW] CVE-1999-1226: Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and poss Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.

CVE-1999-1357 [HIGH] CVE-1999-1357: Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating syste Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.

CVE-1999-0685 [MEDIUM] CVE-1999-0685: Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option. Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.

CVE-1999-0809 [MEDIUM] CVE-1999-0809: Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if t Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".

CVE-1999-0762 [LOW] CVE-1999-0762: When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.

CVE-1999-0425 [MEDIUM] CVE-1999-0425: talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Nets talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.

CVE-1999-0424 [LOW] CVE-1999-0424: talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Nets talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.

CVE-1999-0440 [HIGH] CVE-1999-0440: The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through m The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

CVE-1999-1262 [MEDIUM] CVE-1999-1262: Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the o Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities.

CVE-1999-0031 [LOW] CVE-1999-0031: JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.

CVE-1999-0174 [MEDIUM] CVE-1999-0174: The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attac The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.