CVE-2004-1380

medium

Description

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050

https://exchange.xforce.ibmcloud.com/vulnerabilities/18864

http://www.redhat.com/support/errata/RHSA-2005-335.html

http://www.redhat.com/support/errata/RHSA-2005-323.html

http://www.mozilla.org/security/announce/mfsa2005-05.html

http://secunia.com/multiple_browsers_form_field_focus_test/

http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

http://secunia.com/advisories/12712

Details

Source: Mitre, NVD

Published: 2004-10-20

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: Medium