NetscapeCVEs & Vulnerabilities

120 CVEs affecting Netscape products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

communicator 182navigator 94enterprise server 64directory server 14fasttrack server 10messaging server 7certificate management system 4iplanet ical 4
CVE-1999-0809MEDIUM

Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".

9 Jul 1999
5.0
CVSS
CVE-1999-0752MEDIUMpoc

Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.

6 Jul 1999
5.0
CVSS
CVE-1999-0762LOW

When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.

24 May 1999
2.6
CVSS
CVE-1999-0686MEDIUM

Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.

7 May 1999
5.0
CVSS
CVE-1999-0807HIGH

The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users.

1 May 1999
7.2
CVSS
CVE-1999-0424LOW

talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.

18 Mar 1999
2.1
CVSS
CVE-1999-0425MEDIUM

talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.

18 Mar 1999
6.4
CVSS
CVE-1999-0440HIGH

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

1 Mar 1999
7.5
CVSS
CVE-1999-0479MEDIUM

Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.

1 Mar 1999
5.0
CVSS
CVE-1999-0869LOWpoc

Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

1 Dec 1998
2.6
CVSS
CVE-1999-0269MEDIUMpoc

Netscape Enterprise servers may list files through the PageServices query.

1 Aug 1998
5.0
CVSS
CVE-1999-0005CRITICALpoc

Arbitrary command execution via IMAP buffer overflow in authenticate command.

20 Jul 1998
10.0
CVSS
CVE-1999-0007MEDIUM

Information from SSL-encrypted sessions via PKCS #1.

26 Jun 1998
5.0
CVSS
CVE-1999-0537HIGH

A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.

1 Apr 1998
7.5
CVSS
CVE-1999-0012HIGH

Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.

6 Feb 1998
7.0
CVSS
CVE-1999-0239HIGHpoc

Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.

1 Jan 1998
7.5
CVSS
CVE-1999-1262MEDIUM

Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities.

1 Aug 1997
5.1
CVSS
CVE-1999-0031LOW

JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.

8 Jul 1997
2.6
CVSS
CVE-1999-0868HIGH

ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.

20 Feb 1997
7.2
CVSS
CVE-1999-0174MEDIUMpoc

The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.

1 Feb 1997
6.4
CVSS
CVE-1999-0045HIGHpoc

List of arbitrary files on Web host via nph-test-cgi script.

10 Dec 1996
7.5
CVSS
CVE-1999-0043CRITICAL

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

4 Dec 1996
9.8
CVSS
CVE-1999-0141LOW

Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.

29 Mar 1996
3.7
CVSS
CVE-1999-0142HIGH

The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.

1 Mar 1996
7.5
CVSS
← PrevPage 3 / 3Next →