Netscape: >> Communicator >> 4.0 Security Vulnerabilities
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
CVSS Score
2.6
EPSS Score
0.007
Published
2000-05-10
A remote attacker can read information from a Netscape user's cache via JavaScript.
CVSS Score
2.6
EPSS Score
0.004
Published
2000-04-01
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.
CVSS Score
2.6
EPSS Score
0.005
Published
1999-10-28
Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
CVSS Score
7.5
EPSS Score
0.012
Published
1999-10-05
Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".
CVSS Score
5.0
EPSS Score
0.006
Published
1999-07-09
A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.
CVSS Score
7.5
EPSS Score
0.009
Published
1998-04-01
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
CVSS Score
2.6
EPSS Score
0.029
Published
1997-07-08
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVSS Score
6.4
EPSS Score
0.034
Published
1997-02-01
Page 2