📦

navigator

Vendor: netscape

Login to add this product to WatchStack
Actively Exploited 2 CISA KEV List
PoC / Exploits 12 Code Available
Total RCEs 11 Remote Access
Total CVEs 53 Total Indexed
Avg. EPSS 9.79% Exploit Prob.
Latest CVE CVE-2023-29751 Jun 09

Security Vulnerability Index

Page 4 / 6
7.5 CVSS
CVE-2003-0553
RCE

Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.

EPSS: 3.28%
7.5 CVSS
CVE-2002-2061
RCE

Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.

EPSS: 3.38%
5.0 CVSS
CVE-2002-2338
Exploit Found

The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.

EPSS: 7.42%
5.0 CVSS
CVE-2002-2013

Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

EPSS: 0.48%
7.5 CVSS
CVE-2002-1308
RCE

Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.

EPSS: 6.24%
7.5 CVSS
CVE-2002-1091

Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

EPSS: 6.47%
7.5 CVSS
CVE-2002-0815

The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.

EPSS: 1.43%
5.0 CVSS
CVE-2002-0354

The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.

EPSS: 0.38%
7.5 CVSS
CVE-2002-0593

Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.

EPSS: 3.40%
5.0 CVSS
CVE-2002-0594

Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.

EPSS: 2.06%