Netscape Navigator vulnerabilities
38 known vulnerabilities affecting netscape/navigator.
Total CVEs
38
CISA KEV
0
Public exploits
8
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH14MEDIUM17LOW4
Vulnerabilities
Page 1 of 2
CVE-2004-0722P3CRITICALCVSS 10.0PoCv7.0v7.12004-08-18
CVE-2004-0722 [CRITICAL] CVE-2004-0722: Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2)
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
nvd
CVE-2006-4253P3HIGHCVSS 7.6PoCv8.12006-08-21
CVE-2006-4253 [HIGH] CWE-264 CVE-2006-4253: Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be fr
nvd
CVE-2005-4134P4MEDIUMCVSS 5.0PoC≤ 8.0.40v7.1+1 more2005-12-09
CVE-2005-4134 [MEDIUM] CVE-2005-4134: Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to c
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that
nvd
CVE-2005-0989P4MEDIUMCVSS 5.0PoCv7.22005-05-02
CVE-2005-0989 [MEDIUM] CVE-2005-0989: The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
nvd
CVE-2006-2894P4MEDIUMCVSS 4.0PoC≤ 8.12006-06-07
CVE-2006-2894 [MEDIUM] CWE-20 CVE-2006-2894: Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and oth
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javasc
nvd
CVE-2007-4042P3HIGHCVSS 7.5v9.02007-07-27
CVE-2007-4042 [HIGH] CVE-2007-4042: Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execut
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
nvd
CVE-2007-3924P3CRITICALCVSS 9.3v9.02007-07-21
CVE-2007-3924 [CRITICAL] CVE-2007-3924: Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netsca
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that i
nvd
CVE-2004-0528P4MEDIUMCVSS 5.0PoCv7.12004-08-06
CVE-2004-0528 [MEDIUM] CVE-2004-0528: Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HRE
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
nvd
CVE-2004-0904P3CRITICALCVSS 10.0v7.0v7.0.2+2 more2004-12-31
CVE-2004-0904 [CRITICAL] CVE-2004-0904: Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
nvd
CVE-2002-2338P4MEDIUMCVSS 5.0PoCv6.0v6.01+4 more2002-12-31
CVE-2002-2338 [MEDIUM] CWE-20 CVE-2002-2338: The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows r
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
nvd
CVE-2005-1156P3HIGHCVSS 7.5v7.22005-05-02
CVE-2005-1156 [HIGH] CVE-2005-1156: Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execut
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
nvd
CVE-2003-1419P4MEDIUMCVSS 4.3PoCv7.02003-12-31
CVE-2003-1419 [MEDIUM] CWE-20 CVE-2003-1419: Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an inv
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
nvd
CVE-2002-2061P4HIGHCVSS 7.5v6.2.32002-12-31
CVE-2002-2061 [HIGH] CVE-2002-2061: Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
nvd
CVE-2002-1091P4HIGHCVSS 7.5v6.2v6.2.1+2 more2002-10-04
CVE-2002-1091 [HIGH] CVE-2002-1091: Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and exe
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
nvd
CVE-2000-1187P4HIGHCVSS 7.5≤ 4.752001-01-09
CVE-2000-1187 [HIGH] CVE-2000-1187: Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
nvd
CVE-2005-1157P4HIGHCVSS 7.5v7.22005-05-02
CVE-2005-1157 [HIGH] CVE-2005-1157: Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replac
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
nvd
CVE-2002-1308P4HIGHCVSS 7.5v6.2v6.2.1+3 more2002-11-29
CVE-2002-1308 [HIGH] CVE-2002-1308: Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
nvd
CVE-2003-0553P4HIGHCVSS 7.5v7.0.22003-08-18
CVE-2003-0553 [HIGH] CVE-2003-0553: Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remot
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
nvd
CVE-2002-0593P4HIGHCVSS 7.5v6.0v6.012002-06-18
CVE-2002-0593 [HIGH] CVE-2002-0593: Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a den
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
nvd
CVE-1999-0440P4HIGHCVSS 7.5v4.0v4.01+9 more1999-03-01
CVE-1999-0440 [HIGH] CVE-1999-0440: The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through m
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
nvd
1 / 2Next →