Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1381 — Mozilla Firefox vulnerability

6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

15.3%

top 5.37%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox Mozilla

Timeline

PublishedOct 20

Latest updateApr 29

Description

Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/firefox7 versions+6

▶NVDmozilla/mozilla10 versions+9

Patches

Patch: secunia.com ↗Patch: www.mozilla.org ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-hhqx-qfww-wwhc: Firefox before 1↗2022-04-29

▶

CVEList

CVE-2004-1381: Firefox before 1↗2005-01-29

▶

💥Exploits & PoCs

Exploit-DB

Multiple Browsers - Tabbed Browsing↗2004-10-22

▶

📋Vendor Advisories

Ubuntu

Ubuntu 4.10 update for Firefox vulnerabilities↗2005-07-28

▶

💬Community

Bugzilla

CVE-2004-1380 Input stealing from other tabs (CVE-2004-1381)↗2005-03-23

▶