Every CVE whose affected-product data names Netscape Navigator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (44)
CVE-2004-0722 — CVSS 10.0 (critical): Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier…
CVE-2004-0904 — CVSS 10.0 (critical): Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before…
CVE-2007-3924 — CVSS 9.3 (critical): Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs…
CVE-2006-4253 — CVSS 7.6 (high): Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly…
CVE-2004-0718 — CVSS 7.5 (high): The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain…
CVE-2005-1156 — CVSS 7.5 (high): Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new…
CVE-2004-1160 — CVSS 7.5 (high): Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window…
CVE-1999-0440 — CVSS 7.5 (high): The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
CVE-2002-0593 — CVSS 7.5 (high): Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly…
CVE-2007-4042 — CVSS 7.5 (high): Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte…
CVE-2002-0815 — CVSS 7.5 (high): The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web…
CVE-2002-1091 — CVSS 7.5 (high): Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image…
CVE-2002-1308 — CVSS 7.5 (high): Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a…
CVE-2002-2061 — CVSS 7.5 (high): Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute…
CVE-2003-0553 — CVSS 7.5 (high): Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code…
CVE-2005-1157 — CVSS 7.5 (high): Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with…
CVE-1999-1189 — CVSS 7.5 (high): Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service…
CVE-1999-0142 — CVSS 7.5 (high): The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to…
CVE-2000-1187 — CVSS 7.5 (high): Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password…
CVE-2006-1942 — CVSS 5.1 (medium): Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted…
CVE-2005-4134 — CVSS 5.0 (medium): Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU…
CVE-2000-0087 — CVSS 5.0 (medium): Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for…
CVE-2002-0354 — CVSS 5.0 (medium): The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories…
CVE-2002-0594 — CVSS 5.0 (medium): Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK…
CVE-2002-2013 — CVSS 5.0 (medium): Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a…
CVE-2002-2338 — CVSS 5.0 (medium): The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of…
CVE-2003-1492 — CVSS 5.0 (medium): Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a…
CVE-2003-1560 — CVSS 5.0 (medium): Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially…
CVE-2004-0528 — CVSS 5.0 (medium): Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that…
CVE-2005-0989 — CVSS 5.0 (medium): The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows…
CVE-2006-6077 — CVSS 5.0 (medium): The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other…
CVE-2007-1377 — CVSS 5.0 (medium): AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of…
CVE-2004-0905 — CVSS 4.6 (medium): Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform…
CVE-2003-1419 — CVSS 4.3 (medium): Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the…
CVE-2006-2613 — CVSS 4.3 (medium): Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other…
CVE-2009-2542 — CVSS 4.3 (medium): Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length…
CVE-2008-2809 — CVSS 4.0 (medium): Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other…
CVE-2006-2894 — CVSS 4.0 (medium): Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape…
CVE-1999-0141 — CVSS 3.7 (low): Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.
CVE-2004-1753 — CVSS 2.6 (low): The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is…
CVE-1999-0762 — CVSS 2.6 (low): When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access…
CVE-1999-0869 — CVSS 2.6 (low): Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
CVE-1999-0827 — CVSS 2.6 (low): By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame…
CVE-2003-1265 — CVSS 2.1 (low): Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could…