CVE-2004-1156

2004-12-3100:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.6%

JSON

Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to
spoof arbitrary web sites by injecting content from one window into a
target window whose name is known but resides in a different domain, as
demonstrated using a pop-up window on a trusted web site, aka the “window
injection” vulnerability.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchfirefox< 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1UNKNOWN
ubuntu6.10noarchfirefox< 2.0.0.6+0dfsg-0ubuntu0.6.10UNKNOWN
ubuntu7.04noarchfirefox< 2.0.0.6+1-0ubuntu1UNKNOWN
ubuntu6.06noarchmozilla< 1.7.12-1.1ubuntu2UNKNOWN
ubuntu6.10noarchmozilla< 1.7.12-1.1ubuntu2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	firefox	< 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1	UNKNOWN
ubuntu	6.10	noarch	firefox	< 2.0.0.6+0dfsg-0ubuntu0.6.10	UNKNOWN
ubuntu	7.04	noarch	firefox	< 2.0.0.6+1-0ubuntu1	UNKNOWN
ubuntu	6.06	noarch	mozilla	< 1.7.12-1.1ubuntu2	UNKNOWN
ubuntu	6.10	noarch	mozilla	< 1.7.12-1.1ubuntu2	UNKNOWN