Vulnerability Description
Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | 1.2.3 |
References
- http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html
- http://secunia.com/advisories/12892
- http://secunia.com/multiple_browsers_dialog_box_spoofing_test/Vendor Advisory
- http://secunia.com/secunia_research/2004-10/
- http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html
- http://secunia.com/advisories/12892
- http://secunia.com/multiple_browsers_dialog_box_spoofing_test/Vendor Advisory
- http://secunia.com/secunia_research/2004-10/
FAQ
What is CVE-2004-1122?
CVE-2004-1122 is a vulnerability with a CVSS score of 7.5 (HIGH). Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "D...
How severe is CVE-2004-1122?
CVE-2004-1122 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1122?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari.