LiveActive security incident?Get immediate response
CVE Record

CVE-1999-0809: Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they hav...

Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This old browser issue affects Netscape Communicator 4.x when JavaScript is enabled. A selected cookie privacy option may not produce the expected warning, reducing user visibility into cookie handling. The provided sources do not show a severity score, patch, or active exploitation.

Executive priority

Low immediate priority unless legacy Netscape Communicator use exists. The main business action is confirming absence from the environment or retiring any remaining installations.

Technical view

CVE-1999-0809 describes Netscape Communicator 4.x failing to warn users about cookie settings despite selecting same-server cookie acceptance behavior, when JavaScript is enabled. The bundle provides no CVSS, CWE, reliable affected CPEs, exploit evidence, or remediation version.

Likely exposure

Likely limited to legacy environments where Netscape Communicator 4.x is still installed or preserved for compatibility, testing, or archival workflows.

Exploitation context

The provided bundle does not cite active exploitation, and KEV status is false. Treat this as a legacy privacy-control weakness unless internal evidence shows active use.

Researcher notes

Evidence is sparse. The CVE description is the primary technical source, with IBM X-Force listed as a reference. No patch level, exploit details, CVSS, CWE, or affected CPE data are provided in the bundle.

Mitigation direction

  • Inventory for Netscape Communicator 4.x installations.
  • Remove or replace any remaining Netscape Communicator 4.x use.
  • Check vendor or archival guidance for official remediation details.
  • Disable JavaScript for any temporary exception.
  • Limit temporary use to trusted internal content only.

Validation and detection

  • Confirm whether Netscape Communicator 4.x exists on managed endpoints.
  • Check whether JavaScript is enabled in any remaining installation.
  • Review browser cookie settings against documented business need.
  • Confirm compensating controls for any temporary exception.
  • Document any accepted legacy risk and owner.
Prepared
Confidence
medium
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-1999-0809 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.