Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1380

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1380
Last Modified 21 Aug 2010 12:22:19
Published 20 Oct 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1380

Summary

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."

Vulnerable Systems

Application

  • Mozilla

  • Mozilla 1.3

  • Mozilla 1.4

  • Mozilla 1.4.1

  • Mozilla 1.5

  • Mozilla 1.5.1

  • Mozilla 1.6

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla 1.7.3

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3


References

XF - web-browser-modal-spoofing(18864)

REDHAT - RHSA-2005:335

REDHAT - RHSA-2005:323

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-05.html

SECUNIA - 12712

MISC - http://secunia.com/multiple_browsers_form_field_focus_test/

MISC - http://secunia.com/multiple_browsers_dialog_box_spoofing_test/


Last Updated: 27 May 2016 10:39:01