Lucene search

[email protected]CVE-2004-1753

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-1753

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

apple

java

plugin

netscape

mozilla

firefox

macos x

tabbed browsing

setwindow

phishing

cve-2004-1753

6.7 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.2%

JSON

The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.

CPENameOperatorVersion
netscape:navigatornetscape navigatoreq7.1
netscape:navigatornetscape navigatoreq7.2
mozilla:firefoxmozilla firefoxeq0.9.3
mozilla:mozillamozillaeq1.7.2

CPE	Name	Operator	Version
netscape:navigator	netscape navigator	eq	7.1
netscape:navigator	netscape navigator	eq	7.2
mozilla:firefox	mozilla firefox	eq	0.9.3
mozilla:mozilla	mozilla	eq	1.7.2

References

bugzilla.mozilla.org/show_bug.cgi?id=162134

secunia.com/advisories/12392

www.securityfocus.com/archive/1/373080

www.securityfocus.com/archive/1/373232

www.securityfocus.com/archive/1/373309

www.securityfocus.com/bid/11059

exchange.xforce.ibmcloud.com/vulnerabilities/17137

6.7 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.2%

JSON

Related for CVE-2004-1753

cvelist1