CVE-2004-1753 Information

Description

The Apple Java plugin as used in Netscape 7.1 and 7.2 Mozilla 1.7.2 and Firefox 0.9.3 on MacOS X 10.3.5 when tabbed browsing is enabled does not properly handle SetWindow(NULL) calls which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.

Reference

http://bugzilla.mozilla.org/show_bug.cgi?id=162134 http://secunia.com/advisories/12392 http://www.securityfocus.com/archive/1/373080 http://www.securityfocus.com/archive/1/373232 http://www.securityfocus.com/archive/1/373309 http://www.securityfocus.com/bid/11059 https://exchange.xforce.ibmcloud.com/vulnerabilities/17137