Netscape Navigator vulnerabilities

CVE-2003-1419 [MEDIUM] CWE-20 CVE-2003-1419: Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an inv Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.

CVE-2003-1492 [MEDIUM] CWE-59 CVE-2003-1492: Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a diffe Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.

CVE-2003-1560 [MEDIUM] CWE-200 CVE-2003-1560: Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

CVE-2003-1265 [LOW] CVE-2003-1265: Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users selec Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.

CVE-2003-0553 [HIGH] CVE-2003-0553: Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remot Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.

CVE-2002-2061 [HIGH] CVE-2002-2061: Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.

CVE-2002-2338 [MEDIUM] CWE-20 CVE-2002-2338: The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows r The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.

CVE-2002-2013 [MEDIUM] CVE-2002-2013: Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

CVE-2002-1308 [HIGH] CVE-2002-1308: Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.

CVE-2002-1091 [HIGH] CVE-2002-1091: Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and exe Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

CVE-2002-0354 [MEDIUM] CVE-2002-0354: The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to rea The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.

CVE-2002-0593 [HIGH] CVE-2002-0593: Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a den Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.

CVE-2002-0594 [MEDIUM] CVE-2002-0594: Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of fil Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.

CVE-2000-1187 [HIGH] CVE-2000-1187: Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.

CVE-1999-1189 [HIGH] CVE-1999-1189: Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote a Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.

CVE-1999-0827 [LOW] CVE-1999-0827: By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across differe By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.

CVE-1999-0440 [HIGH] CVE-1999-0440: The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through m The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

CVE-1999-0141 [LOW] CVE-1999-0141: Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the app Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.