Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1753

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2004-1753
Last Modified 05 Sep 2008 04:42:15
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-1753

Summary

The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.

Vulnerable Systems

Application

  • Mozilla 1.7.2

  • Mozilla Firefox 0.9.3

  • Netscape Navigator 7.1

  • Netscape Navigator 7.2


References

XF - netscape-java-tab-spoofing(17137)

BID - 11059

BUGTRAQ - 20040827 Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)

BUGTRAQ - 20040826 Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State)

SECUNIA - 12392

MISC - http://bugzilla.mozilla.org/show_bug.cgi?id=162134


Last Updated: 27 May 2016 10:39:10