Vulnerability Details CVE-2004-1380
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.139
EPSS Ranking 93.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/12712
- http://secunia.com/multiple_browsers_dialog_box_spoofing_test/
- http://secunia.com/multiple_browsers_form_field_focus_test/
- http://www.mozilla.org/security/announce/mfsa2005-05.html
- http://www.redhat.com/support/errata/RHSA-2005-323.html
- http://www.redhat.com/support/errata/RHSA-2005-335.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18864
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211
- http://secunia.com/advisories/12712
- http://secunia.com/multiple_browsers_dialog_box_spoofing_test/
- http://secunia.com/multiple_browsers_form_field_focus_test/
- http://www.mozilla.org/security/announce/mfsa2005-05.html
- http://www.redhat.com/support/errata/RHSA-2005-323.html
- http://www.redhat.com/support/errata/RHSA-2005-335.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18864
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211
Products affected by CVE-2004-1380
-
cpe:2.3:a:mozilla:firefox:0.10
-
cpe:2.3:a:mozilla:firefox:0.10.1
-
cpe:2.3:a:mozilla:firefox:0.8
-
cpe:2.3:a:mozilla:firefox:0.9
-
cpe:2.3:a:mozilla:firefox:0.9.1
-
cpe:2.3:a:mozilla:firefox:0.9.2
-
cpe:2.3:a:mozilla:firefox:0.9.3
-
cpe:2.3:a:mozilla:mozilla:-
-
cpe:2.3:a:mozilla:mozilla:0.8
-
cpe:2.3:a:mozilla:mozilla:0.9.2
-
cpe:2.3:a:mozilla:mozilla:0.9.2.1
-
cpe:2.3:a:mozilla:mozilla:0.9.3
-
cpe:2.3:a:mozilla:mozilla:0.9.35
-
cpe:2.3:a:mozilla:mozilla:0.9.4
-
cpe:2.3:a:mozilla:mozilla:0.9.4.1
-
cpe:2.3:a:mozilla:mozilla:0.9.48
-
cpe:2.3:a:mozilla:mozilla:0.9.5
-
cpe:2.3:a:mozilla:mozilla:0.9.6
-
cpe:2.3:a:mozilla:mozilla:0.9.7
-
cpe:2.3:a:mozilla:mozilla:0.9.8
-
cpe:2.3:a:mozilla:mozilla:0.9.9
-
cpe:2.3:a:mozilla:mozilla:1.0
-
cpe:2.3:a:mozilla:mozilla:1.0.1
-
cpe:2.3:a:mozilla:mozilla:1.0.2
-
cpe:2.3:a:mozilla:mozilla:1.1
-
cpe:2.3:a:mozilla:mozilla:1.2
-
cpe:2.3:a:mozilla:mozilla:1.2.1
-
cpe:2.3:a:mozilla:mozilla:1.3
-
cpe:2.3:a:mozilla:mozilla:1.3.1
-
cpe:2.3:a:mozilla:mozilla:1.4
-
cpe:2.3:a:mozilla:mozilla:1.4.1
-
cpe:2.3:a:mozilla:mozilla:1.4.2
-
cpe:2.3:a:mozilla:mozilla:1.4.4
-
cpe:2.3:a:mozilla:mozilla:1.5
-
cpe:2.3:a:mozilla:mozilla:1.5.1
-
cpe:2.3:a:mozilla:mozilla:1.6
-
cpe:2.3:a:mozilla:mozilla:1.7
-
cpe:2.3:a:mozilla:mozilla:1.7.1
-
cpe:2.3:a:mozilla:mozilla:1.7.10
-
cpe:2.3:a:mozilla:mozilla:1.7.11
-
cpe:2.3:a:mozilla:mozilla:1.7.12
-
cpe:2.3:a:mozilla:mozilla:1.7.2
-
cpe:2.3:a:mozilla:mozilla:1.7.3
-
cpe:2.3:a:mozilla:mozilla:1.7.4
-
cpe:2.3:a:mozilla:mozilla:1.7.5
-
cpe:2.3:a:mozilla:mozilla:1.7.6
-
cpe:2.3:a:mozilla:mozilla:1.7.7
-
cpe:2.3:a:mozilla:mozilla:1.7.8
-
cpe:2.3:a:mozilla:mozilla:1.7.9
-
cpe:2.3:a:mozilla:mozilla:1.8
-
cpe:2.3:a:mozilla:mozilla:5.0