Netscape Communicator 4.51

The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.

Published: 2007-10-29T19:00:00.000Z
Updated: 2024-09-16T20:06:54.208Z

Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes.

Published: 2007-10-18T10:00:00.000Z
Updated: 2024-08-08T03:59:11.410Z

Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.

Published: 2007-10-14T20:00:00.000Z
Updated: 2024-08-08T03:59:11.425Z

Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

Published: 2005-07-14T04:00:00.000Z
Updated: 2024-09-16T20:12:45.799Z

Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.

Published: 2000-10-13T04:00:00.000Z
Updated: 2024-08-08T05:28:40.763Z

Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.

Published: 2000-10-13T04:00:00.000Z
Updated: 2024-08-08T05:28:40.745Z

Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.

Published: 2000-10-13T04:00:00.000Z
Updated: 2024-08-08T05:28:40.601Z

Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.

Published: 2000-10-13T04:00:00.000Z
Updated: 2024-08-08T05:21:30.563Z

Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.

Published: 2000-07-12T04:00:00.000Z
Updated: 2024-08-08T05:14:21.541Z

Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.

Published: 2000-07-12T04:00:00.000Z
Updated: 2024-08-08T05:14:21.543Z

Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.

Published: 2001-09-12T04:00:00.000Z
Updated: 2024-08-01T17:11:03.196Z

Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.

Published: 2000-01-04T05:00:00.000Z
Updated: 2024-08-01T16:48:37.318Z

The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Published: 1999-09-29T04:00:00.000Z
Updated: 2024-08-01T16:27:57.740Z