IDCVSSSummaryLast (major) updatePublished
CVE-2005-4134 5.0
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not
17-10-2016 - 23:38 09-12-2005 - 10:03
CVE-2004-0905 4.6
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a fr
17-10-2016 - 22:49 14-09-2004 - 00:00
CVE-2004-0904 10.0
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overfl
17-10-2016 - 22:49 31-12-2004 - 00:00
CVE-2004-0718 7.5
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other
17-10-2016 - 22:48 27-07-2004 - 00:00
CVE-2003-0553 7.5
Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.
17-10-2016 - 22:35 18-08-2003 - 00:00
CVE-2002-1308 7.5
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
17-10-2016 - 22:25 29-11-2002 - 00:00
CVE-2002-1091 7.5
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
17-10-2016 - 22:23 04-10-2002 - 00:00
CVE-2002-0815 7.5
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domai
17-10-2016 - 22:22 12-08-2002 - 00:00
CVE-2002-0354 5.0
The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the resu
17-10-2016 - 22:19 25-06-2002 - 00:00
CVE-2000-1187 7.5
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
17-10-2016 - 22:09 09-01-2001 - 00:00
CVE-2000-0087 5.0
Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.
17-10-2016 - 22:06 12-01-2000 - 00:00
CVE-1999-0440 7.5
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
17-10-2016 - 21:59 01-03-1999 - 00:00
CVE-2006-2894 4.0
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the
03-07-2013 - 11:07 07-06-2006 - 06:02
CVE-2008-2809 4.0
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in t
26-11-2012 - 22:47 08-07-2008 - 19:41
CVE-2005-0989 5.0
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
11-07-2011 - 00:00 02-05-2005 - 00:00
CVE-2006-6077 5.0
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matc
07-03-2011 - 21:45 24-11-2006 - 12:07
CVE-2006-4253 7.6
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by red
07-03-2011 - 21:40 21-08-2006 - 16:04
CVE-2006-1942 5.1
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-i
07-03-2011 - 00:00 20-04-2006 - 18:02
CVE-2005-1157 7.5
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in
21-08-2010 - 00:27 02-05-2005 - 00:00
CVE-2005-1156 7.5
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
21-08-2010 - 00:27 02-05-2005 - 00:00
CVE-2004-0722 10.0
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
21-08-2010 - 00:21 18-08-2004 - 00:00
CVE-2006-2613 4.3
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation pa
02-04-2010 - 03:53 25-05-2006 - 21:06
CVE-2009-2542 4.3
Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
04-09-2009 - 01:28 20-07-2009 - 14:30
CVE-2003-1560 5.0
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
29-01-2009 - 00:28 31-12-2003 - 00:00
CVE-2007-4042 7.5
Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue
15-11-2008 - 01:55 27-07-2007 - 18:30
CVE-2007-1377 5.0
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followe
15-11-2008 - 01:44 09-03-2007 - 19:19
CVE-2002-2061 7.5
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
10-09-2008 - 15:16 31-12-2002 - 00:00
CVE-1999-0869 2.6
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
09-09-2008 - 08:36 01-12-1998 - 00:00
CVE-1999-0827 2.6
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
09-09-2008 - 08:36 01-11-1999 - 00:00
CVE-1999-0762 2.6
When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.
09-09-2008 - 08:35 24-05-1999 - 00:00
CVE-1999-0142 7.5
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
09-09-2008 - 08:33 01-03-1996 - 00:00
CVE-1999-0141 3.7
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.
09-09-2008 - 08:33 29-03-1996 - 00:00
CVE-2007-3924 9.3
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell
05-09-2008 - 17:26 20-07-2007 - 20:30
CVE-2004-1753 2.6
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs
05-09-2008 - 16:42 31-12-2004 - 00:00
CVE-2004-1160 7.5
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up win
05-09-2008 - 16:40 10-01-2005 - 00:00
CVE-2004-0528 5.0
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilit
05-09-2008 - 16:38 06-08-2004 - 00:00
CVE-2003-1492 5.0
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
05-09-2008 - 16:37 31-12-2003 - 00:00
CVE-2003-1419 4.3
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2003-1265 2.1
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2002-2338 5.0
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of th
05-09-2008 - 16:32 31-12-2002 - 00:00
CVE-2002-2013 5.0
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
05-09-2008 - 16:32 31-12-2002 - 00:00
CVE-2002-0594 5.0
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
05-09-2008 - 16:28 18-06-2002 - 00:00
CVE-2002-0593 7.5
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
05-09-2008 - 16:28 18-06-2002 - 00:00
CVE-1999-1189 7.5
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an
05-09-2008 - 16:18 24-11-1999 - 00:00
Back to Top Mark selected
Back to Top