CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Netscape : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-1676 255 Bypass 2008-07-07 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate.
2 CVE-2007-4042 Exec Code 2007-07-27 2008-11-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
3 CVE-2006-4253 264 DoS Exec Code 2006-08-21 2010-09-15
7.6
None Remote High Not required Complete Complete Complete
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
4 CVE-2005-1157 2005-05-02 2010-08-21
7.5
None Remote Low Not required Partial Partial Partial
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
5 CVE-2005-1156 Exec Code 2005-05-02 2010-08-21
7.5
None Remote Low Not required Partial Partial Partial
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
6 CVE-2004-1160 2005-01-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
7 CVE-2004-0826 Exec Code Overflow 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
8 CVE-2004-0718 2004-07-27 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
9 CVE-2003-0553 Exec Code Overflow 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
10 CVE-2002-2061 Exec Code Overflow 2002-12-31 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
11 CVE-2002-1654 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.
12 CVE-2002-1308 Exec Code Overflow 2002-11-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
13 CVE-2002-1091 Exec Code 2002-10-04 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
14 CVE-2002-0815 2002-08-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
15 CVE-2002-0593 DoS Exec Code Overflow 2002-06-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
16 CVE-2001-0596 2001-08-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.
17 CVE-2001-0262 Exec Code Overflow 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.
18 CVE-2001-0164 DoS Exec Code Overflow 2001-06-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field.
19 CVE-2000-1187 Exec Code Overflow 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
20 CVE-2000-1073 +Priv 2000-12-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory.
21 CVE-2000-1072 Exec Code 2000-12-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.
22 CVE-2000-0711 2000-10-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.
23 CVE-2000-0600 DoS Exec Code 2000-06-26 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.
24 CVE-1999-1357 XSS 1999-10-05 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
25 CVE-1999-1189 DoS Exec Code Overflow 1999-11-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
26 CVE-1999-0868 Exec Code 1997-02-20 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.
27 CVE-1999-0807 1999-05-01 2008-09-09
7.2
Admin Local Low Not required Complete Complete Complete
The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users.
28 CVE-1999-0744 Overflow +Priv 2000-01-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.
29 CVE-1999-0537 1998-04-01 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.
30 CVE-1999-0440 Exec Code 1999-03-01 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
31 CVE-1999-0142 1996-03-01 2008-09-09
7.5
User Remote Low Not required Partial Partial Partial
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
32 CVE-1999-0045 1996-12-10 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
List of arbitrary files on Web host via nph-test-cgi script.
Total number of vulnerabilities : 32   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.