Netscape Navigator vulnerabilities
38 known vulnerabilities affecting netscape/navigator.
Total CVEs
38
CISA KEV
0
Public exploits
8
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH14MEDIUM17LOW4
Vulnerabilities
Page 2 of 2
CVE-2004-0718P4HIGHCVSS 7.5v7.12004-07-27
CVE-2004-0718 [HIGH] CVE-2004-0718: The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not pro
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
nvd
CVE-2004-1160P4HIGHCVSS 7.5v7.0v7.0.2+2 more2005-01-10
CVE-2004-1160 [HIGH] CVE-2004-1160: Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sit
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
nvd
CVE-1999-1189P4HIGHCVSS 7.5v4.71999-11-24
CVE-1999-1189 [HIGH] CVE-1999-1189: Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote a
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
nvd
CVE-2006-6077P4MEDIUMCVSS 5.0v8.1.22006-11-24
CVE-2006-6077 [MEDIUM] CVE-2006-6077: The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manag
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a
nvd
CVE-2004-0905P4MEDIUMCVSS 4.6v7.0v7.0.2+2 more2004-09-14
CVE-2004-0905 [MEDIUM] CVE-2004-0905: Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
nvd
CVE-2002-2013P4MEDIUMCVSS 5.0v4.77v6.0+3 more2002-12-31
CVE-2002-2013 [MEDIUM] CVE-2002-2013: Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
nvd
CVE-2003-1492P4MEDIUMCVSS 5.0v7.0.22003-12-31
CVE-2003-1492 [MEDIUM] CWE-59 CVE-2003-1492: Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a diffe
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
nvd
CVE-2006-1942P4MEDIUMCVSS 5.1v7.2v8.0.40+1 more2006-04-20
CVE-2006-1942 [MEDIUM] CVE-2006-1942: Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, an
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using
nvd
CVE-2002-0594P4MEDIUMCVSS 5.0v6.0v6.01+4 more2002-06-18
CVE-2002-0594 [MEDIUM] CVE-2002-0594: Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of fil
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
nvd
CVE-2002-0354P4MEDIUMCVSS 5.0v6.1v6.22002-06-25
CVE-2002-0354 [MEDIUM] CVE-2002-0354: The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to rea
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.
nvd
CVE-2009-2542P4MEDIUMCVSS 4.3v6v82009-07-20
CVE-2009-2542 [MEDIUM] CVE-2009-2542: Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a lar
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
nvd
CVE-2006-2613P4MEDIUMCVSS 4.3v7.2v8.12006-05-26
CVE-2006-2613 [MEDIUM] CWE-200 CVE-2006-2613: Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and N
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents.
nvd
CVE-2008-2809P4MEDIUMCVSS 4.0v9.02008-07-08
CVE-2008-2809 [MEDIUM] CWE-20 CVE-2008-2809: Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions be
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fiel
nvd
CVE-1999-0141P4LOWCVSS 3.7v2.021996-03-29
CVE-1999-0141 [LOW] CVE-1999-0141: Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the app
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.
nvd
CVE-2003-1560P4MEDIUMCVSS 5.0v42003-12-31
CVE-2003-1560 [MEDIUM] CWE-200 CVE-2003-1560: Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
nvd
CVE-2004-1753P4LOWCVSS 2.6v7.1v7.22004-12-31
CVE-2004-1753 [LOW] CVE-2004-1753: The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
nvd
CVE-1999-0827P4LOWCVSS 2.6≤ 4.51999-11-01
CVE-1999-0827 [LOW] CVE-1999-0827: By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across differe
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
nvd
CVE-2003-1265P4LOWCVSS 2.1v7.02003-12-31
CVE-2003-1265 [LOW] CVE-2003-1265: Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users selec
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
nvd
← Previous2 / 2