CVE-2004-1753

The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://bugzilla.mozilla.org/show_bug.cgi?id=162134	Exploit
http://secunia.com/advisories/12392
http://www.securityfocus.com/archive/1/373080	Exploit
http://www.securityfocus.com/archive/1/373232	Exploit
http://www.securityfocus.com/archive/1/373309	Exploit
http://www.securityfocus.com/bid/11059	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/17137

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.2:::::::*
	cpe:2.3:a:netscape:navigator:7.1:::::::*
	cpe:2.3:a:netscape:navigator:7.2:::::::*

History

No history.

Information

Published : 2004-12-31 05:00

Updated : 2024-02-04 16:31

NVD link : CVE-2004-1753

Mitre link : CVE-2004-1753

CVE.ORG link : CVE-2004-1753

JSON object : View

Products Affected

netscape

navigator

mozilla

mozilla
firefox

CWE

NVD-CWE-Other

{"id": "CVE-2004-1753", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2004-12-31T05:00:00.000", "references": [{"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=162134", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/12392", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/373080", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/373232", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/373309", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11059", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17137", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs."}], "lastModified": "2017-07-11T01:31:19.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78"}, {"criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3"}, {"criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}