CVE-2002-1766 – Netscape 4.77 - Composer Font Face Field Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1766
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute. • https://www.exploit-db.com/exploits/21544 http://online.securityfocus.com/archive/1/276876 http://www.securityfocus.com/bid/5010 https://exchange.xforce.ibmcloud.com/vulnerabilities/9355 •
CVE-2002-2248
https://notcve.org/view.php?id=CVE-2002-2248
Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method. • http://marc.info/?l=bugtraq&m=103834439321292&w=2 http://www.securityfocus.com/bid/6256 https://exchange.xforce.ibmcloud.com/vulnerabilities/10706 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2002-2284
https://notcve.org/view.php?id=CVE-2002-2284
Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes. • http://marc.info/?l=bugtraq&m=103798147613151&w=2 http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf http://www.securityfocus.com/bid/6223 https://exchange.xforce.ibmcloud.com/vulnerabilities/10714 •
CVE-2002-2013
https://notcve.org/view.php?id=CVE-2002-2013
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. • http://alive.znep.com/~marcs/security/mozillacookie/demo.html http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html http://www.iss.net/security_center/static/7973.php http://www.securityfocus.com/bid/3925 •
CVE-2002-2308
https://notcve.org/view.php?id=CVE-2002-2308
Netscape Communicator 6.2.1 allows remote attackers to cause a denial of service in client browsers via a webpage containing a recursive META refresh tag where the content tag is blank and the URL tag references itself. • http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000600.html http://www.iss.net/security_center/static/9645.php •