Netscape : Security Vulnerabilities, CVEs, CVSS score between 4 and 4.99
Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-12-24
Updated
2022-08-17
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.
Max CVSS
4.6
EPSS Score
0.04%
Published
2002-12-31
Updated
2017-07-11
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
Max CVSS
4.6
EPSS Score
1.84%
Published
2004-09-14
Updated
2017-10-11
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
Max CVSS
4.3
EPSS Score
2.33%
Published
2003-12-31
Updated
2017-07-29
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents.
Max CVSS
4.3
EPSS Score
0.72%
Published
2006-05-26
Updated
2018-10-18
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
Max CVSS
4.3
EPSS Score
3.01%
Published
2009-07-20
Updated
2018-10-10
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
Max CVSS
4.0
EPSS Score
6.34%
Published
2006-06-07
Updated
2018-10-18
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
Max CVSS
4.0
EPSS Score
1.08%
Published
2008-07-08
Updated
2018-10-11
8 vulnerabilities found