CVE-2004-1380

Опубликовано: 20 окт. 2004

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."

Ссылки

http://secunia.com/advisories/12712
Patch
Vendor Advisory
http://secunia.com/multiple_browsers_dialog_box_spoofing_test/
Vendor Advisory
http://secunia.com/multiple_browsers_form_field_focus_test/
Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-05.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-323.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-335.html
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18864
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211
http://secunia.com/advisories/12712
Patch
Vendor Advisory
http://secunia.com/multiple_browsers_dialog_box_spoofing_test/
Vendor Advisory
http://secunia.com/multiple_browsers_form_field_focus_test/
Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-05.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-323.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-335.html
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18864
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.13929

Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2004-1380

redhat

больше 20 лет назад

CVE-2004-1380

debian

больше 20 лет назад

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (backgroun ...

GHSA-vv9m-2w98-m7rf

github

около 3 лет назад

EPSS

Процентиль: 94%

0.13929

Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other