Vulnerability Description
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | 0.9.3 |
| Mozilla | Mozilla | 1.7.2 |
| Netscape | Navigator | 7.1 |
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=162134Exploit
- http://secunia.com/advisories/12392
- http://www.securityfocus.com/archive/1/373080Exploit
- http://www.securityfocus.com/archive/1/373232Exploit
- http://www.securityfocus.com/archive/1/373309Exploit
- http://www.securityfocus.com/bid/11059Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17137
- http://bugzilla.mozilla.org/show_bug.cgi?id=162134Exploit
- http://secunia.com/advisories/12392
- http://www.securityfocus.com/archive/1/373080Exploit
- http://www.securityfocus.com/archive/1/373232Exploit
- http://www.securityfocus.com/archive/1/373309Exploit
- http://www.securityfocus.com/bid/11059Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17137
FAQ
What is CVE-2004-1753?
CVE-2004-1753 is a vulnerability with a CVSS score of 2.6 (LOW). The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allow...
How severe is CVE-2004-1753?
CVE-2004-1753 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1753?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Mozilla, Netscape Navigator.