Navigator Security Vulnerabilities and Issues — Navigator CVE List

Lucene search

NetscapeNavigator

8 matches found

CVE•added 2004/12/31 5:0 a.m.•74 views

CVE-2004-0904

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

10CVSS7.7AI score0.20716EPSS

CVE•added 2004/07/27 4:0 a.m.•73 views

CVE-2004-0718

The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

7.5CVSS6AI score0.0191EPSS

CVE•added 2004/08/18 4:0 a.m.•64 views

CVE-2004-0722

Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.

10CVSS7.4AI score0.23108EPSS

CVE•added 2004/09/24 4:0 a.m.•56 views

CVE-2004-0905

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

4.6CVSS6.8AI score0.05741EPSS

CVE•added 2004/08/06 4:0 a.m.•47 views

CVE-2004-0528

Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

5CVSS7AI score0.03062EPSS

CVE•added 2004/09/01 4:0 a.m.•42 views

CVE-1999-1189

Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.

7.5CVSS8.1AI score0.02353EPSS

CVE•added 2004/09/01 4:0 a.m.•40 views

CVE-2002-1091

Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

7.5CVSS7.6AI score0.04513EPSS

CVE•added 2004/09/01 4:0 a.m.•37 views

CVE-2002-1308

Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.

7.5CVSS8.1AI score0.05421EPSS