Navigator Netscape Navigator

Do you want an email whenever new security vulnerabilities are reported in Netscape Navigator?

By the Year

In 2021 there have been 0 vulnerabilities in Netscape Navigator . Navigator did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Navigator vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Netscape Navigator Security Vulnerabilities

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line

CVE-2007-3924 - July 21, 2007

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape; this issue could arise with other protocol handlers in IE.

The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer

CVE-2002-0815 - August 12, 2002

The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.

By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which

CVE-1999-0827 - November 01, 1999

By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.

Internet Explorer 3.x to 4.01

CVE-1999-0869 - December 01, 1998

Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Netscape Navigator or by Netscape? Click the Watch button to subscribe.

Netscape
Vendor

subscribe