Netscape


Products by Netscape Sorted by Most Security Vulnerabilities since 2018

Netscape Communicator: 9 vulnerabilities

Netscape Navigator: 8 vulnerabilities

Netscape Enterprise Server: 6 vulnerabilities

Netscape Fasttrack Server: 3 vulnerabilities

Netscape News Server: 2 vulnerabilities

Netscape Commerce Server: 1 vulnerability

Netscape Directory Server: 1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Netscape. Netscape did not have any published security vulnerabilities last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 1 6.10

It may take a day or so for new Netscape vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Netscape Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2018-18940 Jan 31, 2019
servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued.
Enterprise Server
CVE-2007-3924 Jul 21, 2007
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.
Navigator
CVE-2007-1377 Mar 10, 2007
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
Navigator
CVE-2006-4253 Aug 21, 2006
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
Navigator
CVE-2002-0815 Aug 12, 2002
The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
Navigator
CVE-1999-0758 Mar 12, 2001
Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL.
Fasttrack Server
Enterprise Server
CVE-1999-0892 Dec 24, 1999
Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.
Communicator
CVE-2000-0034 Dec 22, 1999
Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."
Communicator
CVE-1999-0827 Nov 01, 1999
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
Navigator
CVE-1999-0809 Jul 09, 1999
Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".
Communicator
CVE-1999-0752 Jul 06, 1999
Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.
Enterprise Server
CVE-1999-0762 May 24, 1999
When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.
Communicator
Navigator
CVE-1999-0807 May 01, 1999
The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users.
Directory Server
CVE-1999-0424 Mar 18, 1999
talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.
Communicator
CVE-1999-0425 Mar 18, 1999
talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.
Communicator
CVE-1999-0869 Dec 01, 1998
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
Navigator
CVE-1999-0269 Aug 01, 1998
Netscape Enterprise servers may list files through the PageServices query.
Enterprise Server
CVE-1999-0537 Apr 01, 1998
A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.
Communicator
CVE-1999-0012 Feb 06, 1998
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
Fasttrack Server
Enterprise Server
CVE-1999-0239 Jan 01, 1998
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.
Fasttrack Server
CVE-1999-0031 Jul 08, 1997
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
Communicator
CVE-1999-0868 Feb 20, 1997
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.
News Server
CVE-1999-0174 Feb 01, 1997
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Communicator
CVE-1999-0045 Dec 10, 1996
List of arbitrary files on Web host via nph-test-cgi script.
Communications Server
Enterprise Server
Commerce Server
And others...
CVE-1999-0043 Dec 04, 1996
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
News Server
CVE-1999-0142 Mar 01, 1996
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
Navigator
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).