CVE-2004-1380

Firefox <1.0 - Info Disclosure

Title source: llm

Description

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."

Exploits (1)

exploitdb WORKING POC

htmlremotewindows

https://www.exploit-db.com/exploits/589

View Code ZIP pw:eip

References (9)

[Patch, Vendor Advisory] http://secunia.com/advisories/12712

[Vendor Advisory] http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

[Vendor Advisory] http://secunia.com/multiple_browsers_form_field_focus_test/

[Patch, Vendor Advisory] http://www.mozilla.org/security/announce/mfsa2005-05.html

[Patch, Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2005-323.html

[Patch, Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2005-335.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18864

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211

Scores

EPSS 0.1450

EPSS Percentile 94.5%

Details

Status published

Products (18)

mozilla/firefox 0.8

mozilla/firefox 0.9 (2 CPE variants)

mozilla/firefox 0.9.1

mozilla/firefox 0.9.2

mozilla/firefox 0.9.3

mozilla/firefox 0.10

mozilla/firefox 0.10.1

mozilla/mozilla

mozilla/mozilla 1.3

mozilla/mozilla 1.4 (2 CPE variants)

... and 8 more

Published Oct 20, 2004

Tracked Since Feb 18, 2026