CVE-2004-1380 Information

Description

Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks aka the \Dialog Box Spoofing Vulnerability.\

Reference

http://secunia.com/advisories/12712 http://secunia.com/multiple_browsers_dialog_box_spoofing_test/ http://secunia.com/multiple_browsers_form_field_focus_test/ http://www.mozilla.org/security/announce/mfsa2005-05.html http://www.redhat.com/support/errata/RHSA-2005-323.html http://www.redhat.com/support/errata/RHSA-2005-335.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18864 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A100050 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10211