NetscapeCVEs & Vulnerabilities

120 CVEs affecting Netscape products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

communicator 182navigator 94enterprise server 64directory server 14fasttrack server 10messaging server 7certificate management system 4iplanet ical 4
CVE-2001-0921LOW

Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.

21 Nov 2001
2.1
CVSS
CVE-2001-0745MEDIUM

Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property.

18 Oct 2001
5.0
CVSS
CVE-2001-0683MEDIUM

Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service (memory exhaustion) by repeatedly sending approximately 5K of data to TCP port 5238.

20 Sep 2001
5.0
CVSS
CVE-2001-0684MEDIUM

Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service by sending seven or more characters to TCP port 5239.

20 Sep 2001
5.0
CVSS
CVE-2000-1196MEDIUMpoc

PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter.

31 Aug 2001
5.0
CVSS
CVE-2001-0596HIGHpoc

Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.

2 Aug 2001
7.5
CVSS
CVE-2001-0262HIGHpoc

Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.

2 Jul 2001
7.5
CVSS
CVE-2001-0164HIGH

Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field.

2 Jun 2001
7.5
CVSS
CVE-2001-0251MEDIUM

The Web Publishing feature in Netscape Enterprise Server 3.x allows remote attackers to cause a denial of service via the REVLOG command.

2 Jun 2001
5.0
CVSS
CVE-2001-0250MEDIUMpoc

The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command.

2 Jun 2001
5.0
CVSS
CVE-2001-0175MEDIUM

The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs.

26 Mar 2001
5.0
CVSS
CVE-1999-0758MEDIUM

Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL.

12 Mar 2001
5.0
CVSS
CVE-2000-0308CRITICAL

Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges.

12 Mar 2001
10.0
CVSS
CVE-2000-1187HIGH

Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.

9 Jan 2001
7.5
CVSS
CVE-2000-0960MEDIUM

The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse.

19 Dec 2000
5.0
CVSS
CVE-2000-0961CRITICAL

Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command.

19 Dec 2000
10.0
CVSS
CVE-2000-1071CRITICAL

The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges.

11 Dec 2000
10.0
CVSS
CVE-2000-1073HIGH

csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory.

11 Dec 2000
7.2
CVSS
CVE-2000-1076CRITICAL

Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server.

11 Dec 2000
10.0
CVSS
CVE-2000-1074CRITICALpoc

csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.

11 Dec 2000
10.0
CVSS
CVE-2000-1072HIGHpoc

iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.

11 Dec 2000
7.2
CVSS
CVE-2000-1075MEDIUMpoc

Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.

11 Dec 2000
5.0
CVSS
CVE-2000-0676MEDIUMpoc

Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.

20 Oct 2000
5.0
CVSS
CVE-2000-0711HIGHpoc

Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.

20 Oct 2000
7.5
CVSS
CVE-2000-0655MEDIUMpoc

Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.

25 Jul 2000
5.0
CVSS
CVE-2000-0600HIGH

Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.

26 Jun 2000
7.5
CVSS
CVE-2000-0577CRITICALpoc

Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

21 Jun 2000
10.0
CVSS
CVE-2000-0517MEDIUM

Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.

26 May 2000
5.0
CVSS
CVE-2000-0406LOW

Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.

10 May 2000
2.6
CVSS
CVE-2000-0409LOWpoc

Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.

10 May 2000
3.7
CVSS
CVE-1999-0790LOW

A remote attacker can read information from a Netscape user's cache via JavaScript.

1 Apr 2000
2.6
CVSS
CVE-2000-0236MEDIUMpoc

Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump.

17 Mar 2000
5.0
CVSS
CVE-2000-0237MEDIUM

Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.

11 Mar 2000
6.4
CVSS
CVE-1999-1002MEDIUM

Netscape Navigator uses weak encryption for storing a user's Netscape mail password.

12 Jan 2000
5.0
CVSS
CVE-2000-0087MEDIUM

Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.

12 Jan 2000
5.0
CVSS
CVE-1999-0744HIGHpoc

Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.

4 Jan 2000
7.5
CVSS
CVE-1999-0892MEDIUM

Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.

24 Dec 1999
4.6
CVSS
CVE-2000-0034MEDIUM

Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."

22 Dec 1999
5.0
CVSS
CVE-1999-1005MEDIUMpoc

Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.

19 Dec 1999
5.0
CVSS
CVE-1999-0853CRITICAL

Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.

1 Dec 1999
10.0
CVSS
CVE-1999-1189HIGH

Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.

24 Nov 1999
7.5
CVSS
CVE-1999-0827LOW

By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.

1 Nov 1999
2.6
CVSS
CVE-1999-1532MEDIUMpoc

Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands.

29 Oct 1999
5.0
CVSS
CVE-1999-1226LOW

Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.

28 Oct 1999
2.6
CVSS
CVE-1999-1357HIGH

Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.

5 Oct 1999
7.5
CVSS
CVE-1999-0751MEDIUMpoc

Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.

13 Sep 1999
5.0
CVSS
CVE-1999-0685MEDIUMpoc

Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.

2 Sep 1999
5.1
CVSS
CVE-1999-1130MEDIUMpoc

Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.

30 Jul 1999
5.0
CVSS