CVEdetails.com the ultimate security vulnerability data source

Log In Register Reset Password Activate Account

Vulnerability Feeds & Widgets^New www.itsecdb.com

Home Browse :
Vendors Products By Date By Type Reports :
CVSS Score Report CVSS Score Distribution Search :
Vendor Search Product Search Version Search Vulnerability Search By Microsoft References Top 50 :
Vendors Vendor Cvss Scores Products Product Cvss Scores Versions Other :
Microsoft Bulletins Bugtraq Entries CWE Definitions About & Contact Feedback CVE Help FAQ External Links :
NVD Website CWE Web Site

Netscape » Navigator : Security Vulnerabilities Published In 2002

2002 : January February March April May June July August September October November December

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : Cve Number Descending Cve Number Ascending CVSS Score Descending Number Of Exploits Descending

Copy Results Download Results Select Table

#	CVE ID	CWE ID	# of Exploits	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2002-2338	20		DoS	2002-12-31	2008-09-05	5.0	None	Remote	Low	Not required	None	None	Partial
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
2	CVE-2002-2061			Exec Code Overflow	2002-12-31	2008-09-10	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
3	CVE-2002-2013				2002-12-31	2008-09-05	5.0	None	Remote	Low	Not required	Partial	None	None
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
4	CVE-2002-1308			Exec Code Overflow	2002-11-29	2008-09-10	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
5	CVE-2002-1091			Exec Code	2002-10-04	2008-09-05	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
6	CVE-2002-0815				2002-08-12	2008-09-05	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
7	CVE-2002-0594				2002-06-18	2008-09-05	5.0	None	Remote	Low	Not required	Partial	None	None
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
8	CVE-2002-0593			DoS Exec Code Overflow	2002-06-18	2008-09-05	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
9	CVE-2002-0354				2002-06-25	2008-09-05	5.0	None	Remote	Low	Not required	None	Partial	None
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.

Total number of vulnerabilities : 9 Page : 1 (This Page)

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.