CVE-2004-1380

Firefox <1.0 - Info Disclosure

Title source: llm

Description

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."

Exploits (1)

exploitdb WORKING POC

htmlremotewindows

https://www.exploit-db.com/exploits/589

View on exploitdb

References (9)

[Patch, Vendor Advisory] http://secunia.com/advisories/12712

[Vendor Advisory] http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

[Vendor Advisory] http://secunia.com/multiple_browsers_form_field_focus_test/

[Patch, Vendor Advisory] http://www.mozilla.org/security/announce/mfsa2005-05.html

[Patch, Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2005-323.html

[Patch, Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2005-335.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18864

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100050

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10211

Scores

EPSS 0.1450

EPSS Percentile 94.3%

Classification

Status draft

Affected Products (30)

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/mozilla

mozilla/mozilla

mozilla/mozilla

mozilla/mozilla

mozilla/mozilla

mozilla/mozilla

mozilla/mozilla

... and 15 more

Timeline

Published Oct 20, 2004

Tracked Since Feb 18, 2026