CVE-2000-0676

Netscape Communicator & Navigator <4.75 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0676. PoCs published by Dan Brumleve.

AI-analyzed exploit summary The vulnerability in Netscape Communicator's Java implementation allows malicious applets to bypass SecurityManager checks using netscape.net.URLConnection and netscape.net.URLInputStream classes, enabling unauthorized local file reads and firewall bypass via URL-based resource access.

Description

Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Dan Brumleve · textremotemultiple
https://www.exploit-db.com/exploits/20140

The vulnerability in Netscape Communicator's Java implementation allows malicious applets to bypass SecurityManager checks using netscape.net.URLConnection and netscape.net.URLInputStream classes, enabling unauthorized local file reads and firewall bypass via URL-based resource access.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Netscape Communicator (versions with Java support)
No auth needed
Prerequisites: Victim must run a vulnerable version of Netscape Communicator · Victim must visit a webpage hosting the malicious applet
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (10)

Core 10
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1546
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0019.html
Various Sources vendor-advisory x_refsource_freebsd
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0115.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0236.html
Vendor Advisory vendor-advisory x_refsource_caldera
http://www.calderasystems.com/support/security/advisories/CSSA-2000-027.1.txt
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0265.html
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2000-15.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2000-054.html

Scores

EPSS 0.2049
EPSS Percentile 97.2%

Details

Status published
Products (14)
netscape/communicator 4.0
netscape/communicator 4.04
netscape/communicator 4.05
netscape/communicator 4.5
netscape/communicator 4.5_beta
netscape/communicator 4.06
netscape/communicator 4.6
netscape/communicator 4.07
netscape/communicator 4.08
netscape/communicator 4.51
... and 4 more
Published Oct 20, 2000
Tracked Since Feb 18, 2026