CVE-2004-1753

The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1753
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
netscape / navigator	7.1	7.1.x
netscape / navigator	7.2	7.2.x
mozilla / firefox	0.9.3	0.9.3.x
mozilla / mozilla	1.7.2	1.7.2.x

http://bugzilla.mozilla.org/show_bug.cgi?id=162134
http://secunia.com/advisories/12392
http://www.securityfocus.com/archive/1/373080
http://www.securityfocus.com/archive/1/373232
http://www.securityfocus.com/archive/1/373309
http://www.securityfocus.com/bid/11059
https://exchange.xforce.ibmcloud.com/vulnerabilities/17137

Vulnerability Database

289,697

CVE-2004-1753