Netscape: Security Vulnerabilities
Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.
CVSS Score
5.0
EPSS Score
0.252
Published
2000-10-20
Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.
CVSS Score
7.5
EPSS Score
0.068
Published
2000-10-20
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
CVSS Score
5.0
EPSS Score
0.152
Published
2000-07-25
Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.
CVSS Score
7.5
EPSS Score
0.016
Published
2000-06-26
Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVSS Score
10.0
EPSS Score
0.033
Published
2000-06-21
Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.
CVSS Score
5.0
EPSS Score
0.01
Published
2000-05-26
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
CVSS Score
2.6
EPSS Score
0.007
Published
2000-05-10
Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.
CVSS Score
3.7
EPSS Score
0.001
Published
2000-05-10
A remote attacker can read information from a Netscape user's cache via JavaScript.
CVSS Score
2.6
EPSS Score
0.004
Published
2000-04-01
Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump.
CVSS Score
5.0
EPSS Score
0.036
Published
2000-03-17