CVE-2004-1156

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-1156
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://secunia.com/advisories/13129/ Vendor Advisory
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
http://secunia.com/secunia_research/2004-13/advisory/ Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
http://www.mozilla.org/security/announce/mfsa2005-13.html
http://www.redhat.com/support/errata/RHSA-2005-176.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117
http://secunia.com/advisories/13129/ Vendor Advisory
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
http://secunia.com/secunia_research/2004-13/advisory/ Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
http://www.mozilla.org/security/announce/mfsa2005-13.html
http://www.redhat.com/support/errata/RHSA-2005-176.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
History

20 Nov 2024, 23:50

Type Values Removed Values Added
References () http://secunia.com/advisories/13129/ - Vendor Advisory () http://secunia.com/advisories/13129/ - Vendor Advisory
References () http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ - () http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ -
References () http://secunia.com/secunia_research/2004-13/advisory/ - Vendor Advisory () http://secunia.com/secunia_research/2004-13/advisory/ - Vendor Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml - () http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml -
References () http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml - () http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml -
References () http://www.mozilla.org/security/announce/mfsa2005-13.html - () http://www.mozilla.org/security/announce/mfsa2005-13.html -
References () http://www.redhat.com/support/errata/RHSA-2005-176.html - () http://www.redhat.com/support/errata/RHSA-2005-176.html -
References () http://www.redhat.com/support/errata/RHSA-2005-384.html - () http://www.redhat.com/support/errata/RHSA-2005-384.html -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100045 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10117 -
Information

Published : 2004-12-31 05:00

Updated : 2024-11-20 23:50

NVD link : CVE-2004-1156

Mitre link : CVE-2004-1156

CVE.ORG link : CVE-2004-1156

JSON object : View

Products Affected

mozilla

  • firefox
  • mozilla
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024