CVE-2004-1380

Vulnerability Description

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."

CVSS Score

Affected Products

References

• http://secunia.com/advisories/12712PatchVendor Advisory
• http://secunia.com/multiple_browsers_dialog_box_spoofing_test/Vendor Advisory
• http://secunia.com/multiple_browsers_form_field_focus_test/Vendor Advisory
• http://www.mozilla.org/security/announce/mfsa2005-05.htmlPatchVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2005-323.htmlPatchVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2005-335.htmlPatchVendor Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18864
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
• http://secunia.com/advisories/12712PatchVendor Advisory
• http://secunia.com/multiple_browsers_dialog_box_spoofing_test/Vendor Advisory
• http://secunia.com/multiple_browsers_form_field_focus_test/Vendor Advisory
• http://www.mozilla.org/security/announce/mfsa2005-05.htmlPatchVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2005-323.htmlPatchVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2005-335.htmlPatchVendor Advisory