CVE-2004-1156 — Mozilla Firefox vulnerability

6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

1.3%

top 20.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla

Timeline

PublishedDec 31

Latest updateApr 29

Description

Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/firefox8 versions+7

▶NVDmozilla/mozilla31 versions+30

🔴Vulnerability Details

GHSA

GHSA-g6f4-4jhr-qjg5: Mozilla before 1↗2022-04-29

▶

CVEList

CVE-2004-1156: Mozilla before 1↗2004-12-10

▶

📋Vendor Advisories

Ubuntu

Ubuntu 4.10 update for Firefox vulnerabilities↗2005-07-28

▶

Red Hat

security flaw↗2004-12-08

▶

💬Community

Bugzilla

CVE-2004-1156 security flaw↗2018-08-16

▶