Vulnerability CVE-1999-0762

Vulnerability Name:

CVE-1999-0762 (CCN-2205)

Assigned:

1999-05-24

Published:

1999-05-24

Updated:

2022-08-17

Summary:

When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-1999-0762

Source: CCN
Type: BugTraq Mailing List, 1999-05-24 11:24:13
Netscape Communicator JavaScript in security vulnerability</A> Source: CCN Type: Georgi Guninski Vulnerability Demonstration <A TARGET="CVEREF" HREF="http://www.guninski.com/titlecache.html">JavaScript code in TITLE vulnerabilities ver. 4.6 and below</A> Source: CCN Type: CNet News.com <A TARGET="CVEREF" HREF="http://www.news.com/News/Item/0,4,37842,00.html">AOL, Microsoft move to squash bugs</A> Source: CCN Type: OSVDB ID: 11290 <A TARGET="CVEREF" HREF="http://www.osvdb.org/osvdb/11290">Netscape Communicator Javascript TITLE Tag Embedded Javascript</A> Source: XF Type: UNKNOWN <A TARGET="CVEREF" HREF="https://exchange.xforce.ibmcloud.com/vulnerabilities/2205">netscape-title(2205)</A> Source: MISC Type: UNKNOWN <A TARGET="CVEREF" HREF="https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762">https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762</A> </TD></TR><TR><TD CLASS="cvebg" WIDTH="25%" VALIGN="TOP">Vulnerable Configuration:</TD CLASS="cvenobg"><TD CLASS="cvenobg" VALIGN="TOP" WIDTH="500" STYLE="margin-top: 0px;">Configuration 1: <LI CLASS="confleaf1 vulnerable"><A CLASS="vulnerable" HREF="/cgi-bin/skdb.pl/PVID/5701443.html">cpe:/a:netscape:communicator:4.6:*:windows_95:*:*:*:*:*</A></LI><LI CLASS="confleaf2 vulnerable">OR <A CLASS="vulnerable" HREF="/cgi-bin/skdb.pl/PVID/97079.html">cpe:/a:netscape:communicator:4.x:*:*:*:*:*:*:*</A></LI><LI CLASS="confleaf2 vulnerable">OR <A CLASS="vulnerable" HREF="/cgi-bin/skdb.pl/PVID/96826.html">cpe:/a:netscape:navigator:*:*:*:*:*:*:*:*</A></LI> Configuration CCN 1: <LI CLASS="confleaf1 vulnerable"><A CLASS="vulnerable" HREF="/cgi-bin/skdb.pl/PVID/96826.html">cpe:/a:netscape:navigator:*:*:*:*:*:*:*:*</A></LI><LI CLASS="confleaf2 vulnerable">OR <A CLASS="vulnerable" HREF="/cgi-bin/skdb.pl/PVID/97008.html">cpe:/a:netscape:communicator:*:*:*:*:*:*:*:*</A></LI> <IMG SRC="/images/star.png" ALT="*"> Denotes that component is vulnerable</TD></TR> <TR><TD COLSPAN="2" ALIGN="CENTER"><A HREF="javascript:history.go(-1)">BACK</A></TD></TR> </table></center> <div itemscope itemtype="http://schema.org/Product" style="display:none">netscape communicator 4.6 </div><div itemscope itemtype="http://schema.org/Product" style="display:none">netscape communicator 4.x </div><div itemscope itemtype="http://schema.org/Product" style="display:none">netscape navigator * </div><div itemscope itemtype="http://schema.org/Product" style="display:none">netscape navigator *</div><div itemscope itemtype="http://schema.org/Product" style="display:none">netscape communicator *</div> </body> </html>