CVEdetails.com the ultimate security vulnerability data source

Netscape : Security Vulnerabilities (Execute Code)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2007-4042 |  |  | Exec Code | 2007-07-27 | 2008-11-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
2 | CVE-2007-3924 |  |  | Exec Code | 2007-07-20 | 2008-09-05 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.
3 | CVE-2006-4253 | 264 |  | DoS Exec Code | 2006-08-21 | 2010-09-15 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
4 | CVE-2005-1156 |  |  | Exec Code | 2005-05-02 | 2010-08-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allow remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
5 | CVE-2004-1236 |  |  | Exec Code Overflow | 2004-12-31 | 2008-09-05 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code.
6 | CVE-2004-0905 |  |  | Exec Code | 2004-09-14 | 2010-08-21 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
7 | CVE-2004-0904 |  |  | Exec Code Overflow | 2004-12-31 | 2013-08-02 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
8 | CVE-2004-0826 |  |  | Exec Code Overflow | 2004-12-31 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
9 | CVE-2004-0722 |  |  | Exec Code Overflow | 2004-08-18 | 2010-08-21 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
10 | CVE-2003-0553 |  |  | Exec Code Overflow | 2003-08-18 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
11 | CVE-2002-2284 |  |  | Exec Code Bypass | 2002-12-31 | 2008-09-05 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes.
12 | CVE-2002-2248 | 119 |  | Exec Code Overflow | 2002-12-31 | 2008-09-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.
13 | CVE-2002-2061 |  |  | Exec Code Overflow | 2002-12-31 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
14 | CVE-2002-1766 |  |  | Exec Code Overflow | 2002-12-31 | 2008-09-05 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.
15 | CVE-2002-1308 |  |  | Exec Code Overflow | 2002-11-29 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
16 | CVE-2002-1091 |  |  | Exec Code | 2002-10-04 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
17 | CVE-2002-0593 |  |  | DoS Exec Code Overflow | 2002-06-18 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
18 | CVE-2001-0262 |  |  | Exec Code Overflow | 2001-07-02 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.
19 | CVE-2001-0164 |  |  | DoS Exec Code Overflow | 2001-06-02 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field.
20 | CVE-2000-1187 |  |  | Exec Code Overflow | 2001-01-09 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
21 | CVE-2000-1072 |  |  | Exec Code | 2000-12-11 | 2008-09-05 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.
22 | CVE-2000-0961 |  |  | Exec Code Overflow | 2000-12-19 | 2008-09-05 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command.
23 | CVE-2000-0655 |  |  | DoS Exec Code | 2000-07-25 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
24 | CVE-2000-0600 |  |  | DoS Exec Code | 2000-06-26 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.
25 | CVE-1999-1226 |  |  | DoS Exec Code | 1999-10-28 | 2008-09-10 | 2.6 | None | Remote | High | Not required | None | None | Partial
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.
26 | CVE-1999-1189 |  |  | DoS Exec Code Overflow | 1999-11-24 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
27 | CVE-1999-0868 |  |  | Exec Code | 1997-02-20 | 2008-09-09 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.
28 | CVE-1999-0440 |  |  | Exec Code | 1999-03-01 | 2008-09-09 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
29 | CVE-1999-0141 |  |  | Exec Code | 1996-03-29 | 2008-09-09 | 3.7 | User | Local | High | Not required | Partial | Partial | Partial
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.
30 | CVE-1999-0043 |  |  | Exec Code | 1996-12-04 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
31 | CVE-1999-0005 |  |  | Exec Code Overflow | 1998-07-20 | 2008-09-09 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
Arbitrary command execution via IMAP buffer overflow in authenticate command.
Total number of vulnerabilities: 31
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.