CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
58.5%
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the “Dialog Box Spoofing Vulnerability.”
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | 0.8 | cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:* |
mozilla | firefox | 0.9 | cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:* |
mozilla | firefox | 0.9 | cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:* |
mozilla | firefox | 0.9.1 | cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:* |
mozilla | firefox | 0.9.2 | cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:* |
mozilla | firefox | 0.9.3 | cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:* |
mozilla | firefox | 0.10 | cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:* |
mozilla | firefox | 0.10.1 | cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:* |
mozilla | mozilla | * | cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:* |
mozilla | mozilla | 1.3 | cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:* |
secunia.com/advisories/12712
secunia.com/multiple_browsers_dialog_box_spoofing_test/
secunia.com/multiple_browsers_form_field_focus_test/
www.mozilla.org/security/announce/mfsa2005-05.html
www.redhat.com/support/errata/RHSA-2005-323.html
www.redhat.com/support/errata/RHSA-2005-335.html
exchange.xforce.ibmcloud.com/vulnerabilities/18864
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211