Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2004-1381 | First vendor Publication | 2004-10-20 |
| Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1381 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:100053 | |||
| Oval ID: | oval:org.mitre.oval:def:100053 | ||
| Title: | Mozilla Inactive Tab Form Data Theft Vulnerability | ||
| Description: | Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2004-1381 | Version: | 5 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla Mozilla Firefox |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 10984 | Multiple Browser Cross Tab Form Focus Mozilla Web Browser, Firefox, Netscape, Maxthon and Avant Browser contain a flaw that may allow a malicious user to gain confidential data by shifting focus on forms from an active tab to an inactive tab. The issue is triggered when a user visits a specially crafted URL that may allow inactive tabs to gain focus from form fields on web sites in another tab resulting in a loss of confidentiality. |
| 10983 | Multiple Browser Cross Tab Dialog Box Spoofing Multiple web browsers contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered by an attacker creating a specially-crafted web page that would produce an inactive tab or window to launch a dialog box that appears to come from a trusted source, which could disclose sensitive information resulting in a loss of confidentiality. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-149-3.nasl - Type : ACT_GATHER_INFO |
| 2005-03-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-323.nasl - Type : ACT_GATHER_INFO |
| 2005-03-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-335.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:22:55 |
|
| 2024-11-28 12:06:20 |
|
| 2021-05-04 12:02:30 |
|
| 2021-04-22 01:02:41 |
|
| 2020-05-23 00:16:00 |
|
| 2017-10-11 09:23:26 |
|
| 2017-07-11 12:01:36 |
|
| 2016-04-26 12:58:30 |
|
| 2014-02-17 10:28:44 |
|
| 2013-05-11 11:44:54 |
|
