CVE-2004-1753 — Mozilla Firefox vulnerability

3 documents3 sources

Severity

2.6LOWNVD

EPSS

1.1%

top 22.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Netscape Navigator

Timeline

PublishedDec 31

Latest updateApr 29

Description

The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/firefox0.9.3

▶NVDmozilla/mozilla1.7.2

▶NVDnetscape/navigator7.1, 7.2+1

🔴Vulnerability Details

GHSA

GHSA-pfqm-c4ph-rv4v: The Apple Java plugin, as used in Netscape 7↗2022-04-29

▶

CVEList

CVE-2004-1753: The Apple Java plugin, as used in Netscape 7↗2005-02-26

▶