CVE-2004-1753

Summary

CVE	CVE-2004-1753
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2004-12-31 05:00:00 UTC
Updated	2017-07-11 01:31:00 UTC
Description	The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mozilla	Firefox	0.9.3	All	All	All
Application	Mozilla	Firefox	0.9.3	All	All	All
Application	Mozilla	Mozilla	1.7.2	All	All	All
Application	Mozilla	Mozilla	1.7.2	All	All	All
Application	Netscape	Navigator	7.1	All	All	All
Application	Netscape	Navigator	7.2	All	All	All
Application	Netscape	Navigator	7.1	All	All	All
Application	Netscape	Navigator	7.2	All	All	All

References

Reference	Source	Link	Tags
Secunia - Advisories - Netscape Apple Java Plugin Tab Spoofing Vulnerability	SECUNIA	secunia.com
Mozilla/Netscape/Firefox Browsers XPCOM Plug-In For Apple Mac OSX Content Spoofing Vulnerability	BID	www.securityfocus.com	Exploit
162134 – [OSX] Java applets draw on wrong tabs	MISC	bugzilla.mozilla.org	Exploit
SecurityFocus	BUGTRAQ	www.securityfocus.com	Exploit
SecurityFocus	BUGTRAQ	www.securityfocus.com	Exploit
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
SecurityFocus	BUGTRAQ	www.securityfocus.com	Exploit
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.