Vulnerability Description
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 0.8 |
| Mozilla | Mozilla | All versions |
References
- http://secunia.com/advisories/12712ExploitPatchVendor Advisory
- http://secunia.com/multiple_browsers_dialog_box_spoofing_test/Vendor Advisory
- http://secunia.com/multiple_browsers_form_field_focus_test/Vendor Advisory
- http://www.mozilla.org/security/announce/mfsa2005-05.htmlPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17789
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/12712ExploitPatchVendor Advisory
- http://secunia.com/multiple_browsers_dialog_box_spoofing_test/Vendor Advisory
- http://secunia.com/multiple_browsers_form_field_focus_test/Vendor Advisory
- http://www.mozilla.org/security/announce/mfsa2005-05.htmlPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17789
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2004-1381?
CVE-2004-1381 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers ...
How severe is CVE-2004-1381?
CVE-2004-1381 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1381?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla.