CVE-2004-1380

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."

Published: Oct 20, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1380
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / firefox	0.8	0.8.x
mozilla / mozilla	1.7-alpha	1.7-alpha.x
mozilla / mozilla	1.7-rc1	1.7-rc1.x
mozilla / mozilla	1.5-rc2	1.5-rc2.x
mozilla / mozilla	1.7	1.7.x
mozilla / firefox	0.9.1	0.9.1.x
mozilla / firefox	0.10.1	0.10.1.x
mozilla / firefox	0.9	0.9.x
mozilla / mozilla	1.6-beta	1.6-beta.x
mozilla / mozilla	1.4.1	1.4.1.x
mozilla / mozilla	1.5-alpha	1.5-alpha.x
mozilla / mozilla	1.5-rc1	1.5-rc1.x
mozilla / mozilla	1.3	1.3.x
mozilla / mozilla	1.7-beta	1.7-beta.x
mozilla / mozilla	1.4	1.4.x
mozilla / mozilla	1.5	1.5.x
mozilla / mozilla	-	-
mozilla / mozilla	1.7.1	1.7.1.x
mozilla / firefox	0.9.3	0.9.3.x
mozilla / mozilla	1.4-alpha	1.4-alpha.x
mozilla / mozilla	1.5.1	1.5.1.x
mozilla / firefox	0.9.2	0.9.2.x
mozilla / mozilla	1.7.2	1.7.2.x
mozilla / firefox	0.9-rc	0.9-rc.x
mozilla / mozilla	1.7-rc3	1.7-rc3.x
mozilla / mozilla	1.7-rc2	1.7-rc2.x
mozilla / firefox	0.10	0.10.x
mozilla / mozilla	1.7.3	1.7.3.x
mozilla / mozilla	1.6-alpha	1.6-alpha.x
mozilla / mozilla	1.6	1.6.x

Vulnerability Database

289,599

CVE-2004-1380