Vulnerability Details CVE-2004-1753
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.1%
CVSS Severity
CVSS v2 Score 2.6
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=162134
- http://secunia.com/advisories/12392
- http://www.securityfocus.com/archive/1/373080
- http://www.securityfocus.com/archive/1/373232
- http://www.securityfocus.com/archive/1/373309
- http://www.securityfocus.com/bid/11059
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17137
- http://bugzilla.mozilla.org/show_bug.cgi?id=162134
- http://secunia.com/advisories/12392
- http://www.securityfocus.com/archive/1/373080
- http://www.securityfocus.com/archive/1/373232
- http://www.securityfocus.com/archive/1/373309
- http://www.securityfocus.com/bid/11059
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17137
Products affected by CVE-2004-1753
-
cpe:2.3:a:mozilla:firefox:0.9.3
-
cpe:2.3:a:mozilla:mozilla:1.7.2
-
cpe:2.3:a:netscape:navigator:7.1
-
cpe:2.3:a:netscape:navigator:7.2