CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 2CVE-2004-0528 – Netscape Navigator 7.1 - Embedded Image URI Obfuscation
https://notcve.org/view.php?id=CVE-2004-0528
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. Netscape Navigator 7.1 permite a atacantes remotos suplantar URL legítimas en la barra de estado mediante etiquetas A HREF con valores "alt" modificados que apuntan al sitio legítimo, combinado con un mapa de imagen cuyo HREF apunta al sitio malicioso, lo que facilita ataques de suplantación para robo de datos (phising)". • https://www.exploit-db.com/exploits/24137 http://www.osvdb.org/6580 http://www.securityfocus.com/bid/10389 https://exchange.xforce.ibmcloud.com/vulnerabilities/16102 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2003-1560
https://notcve.org/view.php?id=CVE-2003-1560
Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. • http://securityreason.com/securityalert/4004 http://www.securityfocus.com/archive/1/348574 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 1CVE-2003-1265
https://notcve.org/view.php?id=CVE-2003-1265
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. • http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html http://www.iss.net/security_center/static/10963.php http://www.securityfocus.com/bid/6499 http://www.securitytracker.com/id?1005871 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2003-1492
https://notcve.org/view.php?id=CVE-2003-1492
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end. • http://www.securityfocus.com/archive/1/319919 http://www.securityfocus.com/bid/7456 https://exchange.xforce.ibmcloud.com/vulnerabilities/11924 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.3EPSS: 2%CPEs: 1EXPL: 3CVE-2003-1419 – Netscape 7.0 - JavaScript Regular Expression Denial of Service
https://notcve.org/view.php?id=CVE-2003-1419
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function. • https://www.exploit-db.com/exploits/22287 http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html http://www.securityfocus.com/bid/6959 https://exchange.xforce.ibmcloud.com/vulnerabilities/11444 • CWE-20: Improper Input Validation •