Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1380 — Mozilla Firefox vulnerability

10 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

14.5%

top 5.53%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox Mozilla

Timeline

PublishedOct 20

Latest updateApr 29

Description

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/firefox7 versions+6

▶NVDmozilla/mozilla10 versions+9

Patches

Patch: secunia.com ↗Patch: www.mozilla.org ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-vv9m-2w98-m7rf: Firefox before 1↗2022-04-29

▶

CVEList

CVE-2004-1380: Firefox before 1↗2005-01-29

▶

💥Exploits & PoCs

Exploit-DB

Multiple Browsers - Tabbed Browsing↗2004-10-22

▶

📋Vendor Advisories

Red Hat

security flaw↗2005-01-20

▶

💬Community

Bugzilla

CVE-2004-1380 security flaw↗2018-08-16

▶

Bugzilla

CVE-2004-1380 Input stealing from other tabs↗2005-03-23

▶

Bugzilla

CVE-2004-1380 Input stealing from other tabs (CVE-2004-1381)↗2005-03-23

▶

Bugzilla

CAN-2004-1380 multiple epiphany issues↗2005-01-28

▶