Netscape Communicator 4.7

CPE Details

Netscape Communicator 4.7
4.7
2007-08-23
19h16 +00:00
2007-09-14
15h36 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:netscape:communicator:4.7:*:*:*:*:*:*:*

Informations

Vendor

netscape

Product

communicator

Version

4.7

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2002-2338 2007-10-29 19h00 +00:00 The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
5
CVE-2002-2284 2007-10-18 08h00 +00:00 Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes.
6.4
CVE-2002-2248 2007-10-14 18h00 +00:00 Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method.
10
CVE-2002-2013 2005-07-14 04h00 +00:00 Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
5
CVE-1999-1189 2004-09-01 02h00 +00:00 Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
7.5
CVE-2002-1204 2002-11-21 04h00 +00:00 Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.
5
CVE-2000-0087 2002-06-25 02h00 +00:00 Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.
5
CVE-1999-1226 2002-03-09 04h00 +00:00 Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.
2.6
CVE-2001-0596 2002-03-09 04h00 +00:00 Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.
7.5
CVE-1999-1357 2001-09-12 02h00 +00:00 Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
7.5
CVE-2000-1187 2001-01-22 04h00 +00:00 Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
7.5
CVE-2000-0517 2000-10-13 02h00 +00:00 Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.
5
CVE-2000-0655 2000-10-13 02h00 +00:00 Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
5
CVE-2000-0711 2000-10-13 02h00 +00:00 Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.
7.5
CVE-2000-0034 2000-07-12 02h00 +00:00 Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."
5
CVE-2000-0406 2000-07-12 02h00 +00:00 Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
2.6
CVE-2000-0409 2000-07-12 02h00 +00:00 Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.
3.7
CVE-1999-0537 2000-02-04 04h00 +00:00 A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.
7.5
CVE-1999-1002 2000-02-04 04h00 +00:00 Netscape Navigator uses weak encryption for storing a user's Netscape mail password.
5