Netscape : Security Vulnerabilities, CVEs, (Overflow) CVSS score >= 2

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.

Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code.

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.

Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.

Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.

Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.

Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.

Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.

Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.

Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.

Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field.

Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.

Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command.

Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.

Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.

Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.

Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.

Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.

Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.

Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.

Arbitrary command execution via IMAP buffer overflow in authenticate command.