CVE-2004-0191 Information
Description
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks as demonstrated using onmousemove events.
Reference
http://bugzilla.mozilla.org/show_bug.cgi?id=227417 http://marc.info/?l=bugtraq&m=107774710729469&w=2 http://marc.info/?l=bugtraq&m=108448379429944&w=2 http://www.osvdb.org/4062 http://www.redhat.com/support/errata/RHSA-2004-110.html http://www.redhat.com/support/errata/RHSA-2004-112.html http://www.securityfocus.com/bid/9747 https://exchange.xforce.ibmcloud.com/vulnerabilities/15322 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A874 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A937
Share on: