Communicator@4.0 Security Vulnerabilities and Issues — Communicator@4.0 CVE List

Lucene search

NetscapeCommunicator4.0

13 matches found

CVE•added 2000/06/02 4:0 a.m.•54 views

CVE-1999-0031

JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.

2.6CVSS7.5AI score0.02939EPSS

CVE•added 2000/10/13 4:0 a.m.•47 views

CVE-2000-0517

Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.

5CVSS6.5AI score0.00954EPSS

CVE•added 2000/10/20 4:0 a.m.•46 views

CVE-2000-0711

Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.

7.5CVSS7AI score0.06754EPSS

CVE•added 1999/09/29 4:0 a.m.•44 views

CVE-1999-0174

The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.

6.4CVSS6.9AI score0.08058EPSS

CVE•added 2000/10/13 4:0 a.m.•44 views

CVE-2000-0655

Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.

5CVSS8AI score0.15249EPSS

CVE•added 2000/04/18 4:0 a.m.•40 views

CVE-1999-0790

A remote attacker can read information from a Netscape user's cache via JavaScript.

2.6CVSS6.7AI score0.00351EPSS

CVE•added 2005/07/14 4:0 a.m.•40 views

CVE-2002-2013

Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

5CVSS6.6AI score0.00477EPSS

CVE•added 2000/01/04 5:0 a.m.•39 views

CVE-1999-0809

Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".

5CVSS6.9AI score0.0061EPSS

CVE•added 2007/10/18 10:0 a.m.•37 views

CVE-2002-2284

Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes.

6.4CVSS8.1AI score0.00321EPSS

CVE•added 2007/10/29 7:0 p.m.•37 views

CVE-2002-2338

The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.

5CVSS6.6AI score0.05291EPSS

CVE•added 2000/07/12 4:0 a.m.•32 views

CVE-2000-0406

Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.

2.6CVSS6.8AI score0.00744EPSS

CVE•added 2000/10/20 4:0 a.m.•30 views

CVE-2000-0676

Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.

5CVSS6.7AI score0.25173EPSS

CVE•added 2007/10/14 8:0 p.m.•27 views

CVE-2002-2248

Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.

10CVSS8.4AI score0.04871EPSS