ID CVE-2004-1380
Summary Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
oval via4
  • accepted 2007-09-27T08:57:38.656-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    description Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
    family windows
    id oval:org.mitre.oval:def:100050
    status accepted
    submitted 2005-08-16T12:00:00.000-04:00
    title Mozilla Inactive Tab Dialog Box Vulnerability
    version 6
  • accepted 2013-04-29T04:03:34.601-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
    family unix
    id oval:org.mitre.oval:def:10211
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
    version 29
redhat via4
advisories
  • rhsa
    id RHSA-2005:323
  • rhsa
    id RHSA-2005:335
rpms
  • devhelp-0:0.9.2-2.4.3
  • devhelp-debuginfo-0:0.9.2-2.4.3
  • devhelp-devel-0:0.9.2-2.4.3
  • evolution-0:2.0.2-14
  • evolution-debuginfo-0:2.0.2-14
  • evolution-devel-0:2.0.2-14
refmap via4
confirm http://www.mozilla.org/security/announce/mfsa2005-05.html
misc
secunia 12712
xf web-browser-modal-spoofing(18864)
Last major update 11-10-2017 - 01:29
Published 20-10-2004 - 04:00
Last modified 11-10-2017 - 01:29
Back to Top