CVE-2004-1122 - Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, wh

CVE-2004-1122

Summary

Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.

References

http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html
http://secunia.com/advisories/12892
http://secunia.com/multiple_browsers_dialog_box_spoofing_test/
http://secunia.com/secunia_research/2004-10/

Vulnerable Configurations

cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 10-09-2008 - 19:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

apple	APPLE-SA-2004-12-02
misc	http://secunia.com/multiple_browsers_dialog_box_spoofing_test/ http://secunia.com/secunia_research/2004-10/
secunia	12892

Last major update

10-09-2008 - 19:29

Published

10-01-2005 - 05:00

Last modified

10-09-2008 - 19:29