Netscape

Navigator

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2002-1091

Exploit
  • EPSS 5.2%
  • Veröffentlicht 04.10.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

7.5

CVE-2002-0815

  • EPSS 1.43%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domai...

5

CVE-2002-0354

  • EPSS 0.38%
  • Veröffentlicht 25.06.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the resu...

5

CVE-2002-0594

Exploit
  • EPSS 1.27%
  • Veröffentlicht 18.06.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.

7.5

CVE-2002-0593

Exploit
  • EPSS 3.4%
  • Veröffentlicht 18.06.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.

7.5

CVE-2000-1187

  • EPSS 1.43%
  • Veröffentlicht 09.01.2001 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.

5

CVE-2000-0087

  • EPSS 0.81%
  • Veröffentlicht 12.01.2000 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.

7.5

CVE-1999-1189

Exploit
  • EPSS 2.35%
  • Veröffentlicht 24.11.1999 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an ...

2.6

CVE-1999-0827

  • EPSS 0.88%
  • Veröffentlicht 01.11.1999 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.

2.6

CVE-1999-0762

  • EPSS 0.3%
  • Veröffentlicht 24.05.1999 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.