Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."
Max CVSS
5.0
EPSS Score
0.87%
Published
1999-12-22
Updated
2022-08-17
Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
Max CVSS
7.5
EPSS Score
0.73%
Published
1999-10-05
Updated
2016-10-18
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.
Max CVSS
2.6
EPSS Score
0.13%
Published
1999-10-28
Updated
2017-10-10
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
Max CVSS
7.5
EPSS Score
0.76%
Published
1999-11-24
Updated
2017-10-10
Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-12-24
Updated
2022-08-17
Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".
Max CVSS
5.0
EPSS Score
0.87%
Published
1999-07-09
Updated
2022-08-17
When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.
Max CVSS
2.6
EPSS Score
0.27%
Published
1999-05-24
Updated
2022-08-17
Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.
Max CVSS
5.1
EPSS Score
0.66%
Published
1999-09-02
Updated
2008-09-09
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
Max CVSS
7.5
EPSS Score
5.72%
Published
1999-03-01
Updated
2016-10-18
talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.
Max CVSS
6.4
EPSS Score
0.06%
Published
1999-03-18
Updated
2022-08-17
talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.
Max CVSS
2.1
EPSS Score
0.04%
Published
1999-03-18
Updated
2022-08-17
11 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!