Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1381

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1381
Last Modified 10 Sep 2008 03:30:04
Published 20 Oct 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1381

Summary

Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.

Vulnerable Systems

Application

  • Mozilla

  • Mozilla 1.3

  • Mozilla 1.4

  • Mozilla 1.4.1

  • Mozilla 1.5

  • Mozilla 1.5.1

  • Mozilla 1.6

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla 1.7.3

  • Mozilla Firefox 0.10

  • Mozilla Firefox 0.10.1

  • Mozilla Firefox 0.8

  • Mozilla Firefox 0.9

  • Mozilla Firefox 0.9.1

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 0.9.3


References

CONFIRM - http://www.mozilla.org/security/announce/mfsa2005-05.html

SECUNIA - 12712

XF - web-browser-inactive-info-disclosure(17789)

MISC - http://secunia.com/multiple_browsers_form_field_focus_test/

MISC - http://secunia.com/multiple_browsers_dialog_box_spoofing_test/


Last Updated: 27 May 2016 10:39:01