CVE-2004-1381

Firefox < 1.0 and Mozilla < 1.7.5 - Input Focus Spoofing via Background Tab

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1381. PoCs published by Jakob Balle.

AI-analyzed exploit summary This is a proof-of-concept for a cross-site scripting (XSS) vulnerability that captures keystrokes from a user interacting with the CitiBank website. The exploit uses an onMouseOver event to continuously focus on a hidden form field, logging keystrokes entered on the target site.

Description

Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jakob Balle · htmlremotewindows

https://www.exploit-db.com/exploits/589

View Code ZIP pw:eip

This is a proof-of-concept for a cross-site scripting (XSS) vulnerability that captures keystrokes from a user interacting with the CitiBank website. The exploit uses an onMouseOver event to continuously focus on a hidden form field, logging keystrokes entered on the target site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Web browsers (2004 era, likely affecting multiple versions)

No auth needed

Prerequisites: User interaction (hovering over the link) · Victim must have JavaScript enabled

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053

Patch, Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/mfsa2005-05.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17789

Vendor Advisory x_refsource_misc

http://secunia.com/multiple_browsers_form_field_focus_test/

Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/12712

Vendor Advisory x_refsource_misc

http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

Scores

EPSS 0.0688

EPSS Percentile 93.2%

Details

Status published

Products (18)

mozilla/firefox 0.8

mozilla/firefox 0.9 (2 CPE variants)

mozilla/firefox 0.9.1

mozilla/firefox 0.9.2

mozilla/firefox 0.9.3

mozilla/firefox 0.10

mozilla/firefox 0.10.1

mozilla/mozilla

mozilla/mozilla 1.3

mozilla/mozilla 1.4 (2 CPE variants)

... and 8 more

Published Oct 20, 2004

Tracked Since Feb 18, 2026