CVE-2004-1160 — Navigator vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.0%

top 22.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netscape Navigator

Timeline

PublishedJan 10

Latest updateApr 29

Description

Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDnetscape/navigator4 versions+3

🔴Vulnerability Details

GHSA

GHSA-fxg8-qjj9-r7g8: Netscape 7↗2022-04-29

▶

CVEList

CVE-2004-1160: Netscape 7↗2004-12-10

▶