CVE-2004-1380
Published 2004-10-20
Priority P418 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.68% (88.3th percentile)
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
| mozilla | mozilla | — | — |
CVSS provenance
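| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 5.0 | MEDIUM | — |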
Red Hat
security flaw
vendor_redhat·2005-01-20·CVSS 5.0
CVE-2004-1380 [MEDIUM] security flaw
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
GHSA
GHSA-vv9m-2w98-m7rf: Firefox before 1
ghsa_unreviewed·2022-04-29
CVE-2004-1380 [MEDIUM] GHSA-vv9m-2w98-m7rf: Firefox before 1
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
No detection rules found.
Bugzilla
CVE-2004-1380 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2004-1380 [MEDIUM] CVE-2004-1380 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
Bugzilla
CVE-2004-1380 Input stealing from other tabs
bugzilla·2005-03-23·CVSS 5.0
CVE-2004-1380 [MEDIUM] CVE-2004-1380 Input stealing from other tabs
(copied from bug 145610)
Mozilla Security Advisory MSA05-005
Title: Input stealing from other tabs
Severity: High
Reporter: Jakob Balle (Secunia)
Fixed in: Firefox 1.0
Mozilla Suite 1.7.5
Description
Jakob Balle of Secunia reported two vulnerabilities in windows with multiple
tabs. Malicious content in a background tab can attempt to steal information
intended for the topmost tab by popping up prompt dialog that appears to come
from the trusted site, or by silently redirecting input focus to a background
tab hoping to catch the user inputting something sensitive.
Jesse Ruderman and Martin Wargers discovered variants
Workaround
Do not open sites with sensitive content in the same window as tabs from
untrusted content.
Upgrade to fixed ver
Bugzilla
CVE-2004-1380 Input stealing from other tabs (CVE-2004-1381)
bugzilla·2005-03-23·CVSS 5.0
CVE-2004-1380 [MEDIUM] CVE-2004-1380 Input stealing from other tabs (CVE-2004-1381)
+++ This bug was initially created as a clone of Bug #145610 +++
Mozilla Security Advisory MSA05-005
Title: Input stealing from other tabs
Severity: High
Reporter: Jakob Balle (Secunia)
Fixed in: Firefox 1.0
Mozilla Suite 1.7.5
Description
Jakob Balle of Secunia reported two vulnerabilities in windows with multiple
tabs. Malicious content in a background tab can attempt to steal information
intended for the topmost tab by popping up prompt dialog that appears to come
from the trusted site, or by silently redirecting input focus to a background
tab hoping to catch the user inputting something sensitive.
Jesse Ruderman and Martin Wargers discovered variants
Workaround
Do not open sites with sensitive content in the same wi
Bugzilla
CAN-2004-1380 multiple epiphany issues
bugzilla·2005-01-28
[HIGH] CAN-2004-1380 multiple epiphany issues
These items have been recently fixed by epiphany.
Secunia background tab security issues SA12712:
http://secunia.com/advisories/12712/
Part 1) "Inactive tabs can launch dialog boxes so they appear to be displayed by
a web site in another tab" is fixed in version 1.4.5 and version 1.2.10.
Part 2) "Inactive tabs can gain focus from form fields on web sites in another
tab." is a Mozilla bug and remains unfixed.
Wrong certificate shown
http://bugzilla.gnome.org/show_bug.cgi?id=158453
On some web pages, Epiphany would show the wrong certificate. This is fixed in
version 1.4.6.
We are currently waiting on CVE information for the certificate issue.
Discussion:
Does this really affect RHEL4? I think the decision was not to include epiphany
in
References
http://secunia.com/advisories/12712
http://secunia.com/multiple_browsers_dialog_box_spoofing_test/
http://secunia.com/multiple_browsers_form_field_focus_test/
http://www.mozilla.org/security/announce/mfsa2005-05.html
http://www.redhat.com/support/errata/RHSA-2005-323.html
http://www.redhat.com/support/errata/RHSA-2005-335.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18864
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211