[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-1156Date: (C)2004-12-31   (M)2024-03-27


Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-13129
GLSA-200503-10
GLSA-200503-30
RHSA-2005:176
RHSA-2005:384
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
http://secunia.com/secunia_research/2004-13/advisory/
http://www.mozilla.org/security/announce/mfsa2005-13.html
oval:org.mitre.oval:def:100045
oval:org.mitre.oval:def:10117

CPE    51
cpe:/a:mozilla:mozilla:1.1:beta
cpe:/a:mozilla:mozilla:1.4
cpe:/a:mozilla:mozilla:0.9.35
cpe:/a:mozilla:mozilla:1.3
...
OVAL    1
oval:org.mitre.oval:def:100045

© SecPod Technologies