CVE-2004-1381

Firefox <1.0 - Info Disclosure

Title source: llm

Description

Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jakob Balle · htmlremotewindows

https://www.exploit-db.com/exploits/589

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053

[Patch, Vendor Advisory] http://www.mozilla.org/security/announce/mfsa2005-05.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17789

[Vendor Advisory] http://secunia.com/multiple_browsers_form_field_focus_test/

[Exploit, Patch, Vendor Advisory] http://secunia.com/advisories/12712

[Vendor Advisory] http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

Scores

EPSS 0.1527

EPSS Percentile 94.6%

Details

Status published

Products (18)

mozilla/firefox 0.8

mozilla/firefox 0.9 (2 CPE variants)

mozilla/firefox 0.9.1

mozilla/firefox 0.9.2

mozilla/firefox 0.9.3

mozilla/firefox 0.10

mozilla/firefox 0.10.1

mozilla/mozilla

mozilla/mozilla 1.3

mozilla/mozilla 1.4 (2 CPE variants)

... and 8 more

Published Oct 20, 2004

Tracked Since Feb 18, 2026