CVE-2004-0191
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:03.820Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2004:110", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-110.html" }, { "name": "RHSA-2004:112", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-112.html" }, { "name": "SSRT4722", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108448379429944\u0026w=2" }, { "name": "4062", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4062" }, { "name": "mozilla-event-handler-xss(15322)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322" }, { "name": "9747", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9747" }, { "name": "20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107774710729469\u0026w=2" }, { "name": "oval:org.mitre.oval:def:937", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937" }, { "name": "oval:org.mitre.oval:def:874", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=227417" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-07-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2004:110", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-110.html" }, { "name": "RHSA-2004:112", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-112.html" }, { "name": "SSRT4722", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=108448379429944\u0026w=2" }, { "name": "4062", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4062" }, { "name": "mozilla-event-handler-xss(15322)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322" }, { "name": "9747", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9747" }, { "name": "20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107774710729469\u0026w=2" }, { "name": "oval:org.mitre.oval:def:937", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937" }, { "name": "oval:org.mitre.oval:def:874", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=227417" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0191", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2004:110", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-110.html" }, { "name": "RHSA-2004:112", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-112.html" }, { "name": "SSRT4722", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=108448379429944\u0026w=2" }, { "name": "4062", "refsource": "OSVDB", "url": "http://www.osvdb.org/4062" }, { "name": "mozilla-event-handler-xss(15322)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322" }, { "name": "9747", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9747" }, { "name": "20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107774710729469\u0026w=2" }, { "name": "oval:org.mitre.oval:def:937", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937" }, { "name": "oval:org.mitre.oval:def:874", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=227417", "refsource": "CONFIRM", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=227417" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0191", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2004-03-03T00:00:00", "dateUpdated": "2024-08-08T00:10:03.820Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2004-0191\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-03-15T05:00:00.000\",\"lastModified\":\"2024-11-20T23:47:58.223\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.\"},{\"lang\":\"es\",\"value\":\"Mozilla 1.4.2 ejecuta eventos de Javascript en el contexto de una nueva p\u00e1gina mientras se est\u00e1 cargando, permiti\u00e9ndolo interactuar con la p\u00e1gina anterior (\\\"documento zombi\\\") y posibilitando ataques de secuencias de comandos en sitios cruzados (XSS), como se ha demostrado usando eventos onmousemove.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA58BA23-4CFE-40F8-A2F4-104007E12E05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22F00276-9071-4B96-B49C-2E0898476874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB84CC9B-346B-4AF4-929E-D56D85960103\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9420CD82-0E5F-4486-9AF8-9DCD6ED7E037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A9C79AB-4ABE-49E6-BAB2-94610AE0316F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04DE7CCB-79B8-4F9B-AC14-E4A100F9E473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1444C77E-FF98-40E5-9CA9-B4C71B3C9304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B40771F-30CB-45D0-9EDE-1F13852085B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47315EC4-1EED-4070-A087-8E37C8FE6703\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F1EB38F-CEB2-40BC-AA5D-CC539F597137\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE6B0681-B96F-405C-8042-1BF2DDB41648\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCDAEAE6-BA9F-4D40-B264-4A72930239E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9296197-0EE0-4CC0-A11F-E44E3443E990\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A76ACC55-754D-4501-8312-5A4E10D053B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8987151-0901-4547-B750-5DC470BB9CF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53E60BCC-6D1C-489E-9F3B-9BE42B46704F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66A87ED8-9E1F-4C2C-B806-A41765081C9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"C795D86F-9B08-41FE-B82B-5BBB3DE6357D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"2637D552-4A3D-4867-B52A-ACCED8681AF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CC237C8-CFE0-4128-B549-93CD16894E71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8EA79A-8426-44CF-AF13-58F7EF8B6D88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"367A5D46-0FF3-4140-9478-251363822E9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C656A621-BE62-4BB8-9B25-A3916E60FA12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8DE4889-424F-4A44-8C14-9F18821CE961\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3F91A1-7DD9-4146-8BA4-BE594C66DD30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"82A6419D-0E94-4D80-8B07-E5AB4DBA2F28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"1003D688-3EEA-45F9-BB2C-5BAB395D7678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED69BEB9-8D83-415B-826D-9D17FB67976B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCDB64E5-AE26-43DF-8A66-654D5D22A635\"}]}]}],\"references\":[{\"url\":\"http://bugzilla.mozilla.org/show_bug.cgi?id=227417\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=107774710729469\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=108448379429944\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/4062\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2004-110.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2004-112.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/9747\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/15322\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugzilla.mozilla.org/show_bug.cgi?id=227417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=107774710729469\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=108448379429944\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/4062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2004-110.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2004-112.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/9747\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/15322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.