Search Results (120 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4134 4 K-meleon Project, Mozilla, Netscape and 1 more 5 K-meleon, Firefox, Mozilla Suite and 2 more 2026-04-16 N/A
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
CVE-2006-1942 3 K-meleon Project, Mozilla, Netscape 3 K-meleon, Firefox, Navigator 2026-04-16 N/A
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
CVE-2006-2894 2 Mozilla, Netscape 4 Firefox, Mozilla Suite, Seamonkey and 1 more 2026-04-16 N/A
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
CVE-2001-0164 1 Netscape 1 Directory Server 2026-04-16 N/A
Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field.
CVE-2006-4253 4 K-meleon Project, Mozilla, Netscape and 1 more 4 K-meleon, Firefox, Navigator and 1 more 2026-04-16 N/A
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
CVE-1999-0440 2 Netscape, Sun 3 Communicator, Navigator, Java 2026-04-16 N/A
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
CVE-1999-0479 2 Hp, Netscape 2 Hp-ux, Enterprise Server 2026-04-16 N/A
Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.
CVE-2006-2613 2 Mozilla, Netscape 3 Firefox, Mozilla Suite, Navigator 2026-04-16 N/A
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents.
CVE-1999-0744 1 Netscape 2 Enterprise Server, Fasttrack Server 2026-04-16 N/A
Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.
CVE-2000-0034 1 Netscape 1 Communicator 2026-04-16 N/A
Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."
CVE-1999-0790 1 Netscape 1 Communicator 2026-04-16 N/A
A remote attacker can read information from a Netscape user's cache via JavaScript.
CVE-1999-0827 2 Microsoft, Netscape 3 Ie, Internet Explorer, Navigator 2026-04-16 N/A
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
CVE-1999-1002 1 Netscape 1 Communicator 2026-04-16 N/A
Netscape Navigator uses weak encryption for storing a user's Netscape mail password.
CVE-1999-1189 1 Netscape 2 Communicator, Navigator 2026-04-16 N/A
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
CVE-1999-1226 1 Netscape 1 Communicator 2026-04-16 N/A
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.
CVE-1999-0031 2 Microsoft, Netscape 2 Internet Explorer, Communicator 2026-04-16 N/A
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
CVE-1999-0239 1 Netscape 1 Fasttrack Server 2026-04-16 7.5 High
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.
CVE-2000-0236 1 Netscape 1 Enterprise Server 2026-04-16 N/A
Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump.
CVE-2000-0577 1 Netscape 1 Professional Services Ftpserver 2026-04-16 N/A
Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0655 2 Mozilla, Netscape 2 Mozilla, Communicator 2026-04-16 N/A
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.