Netscape and Mozilla Java tab spoofing

netscape-java-tab-spoofing (17137) The risk level is classified as MediumMedium Risk

Description:

Netscape version 7.2 running on Mac OS X 10.3.5 could allow a remote attacker to spoof the content of an HTML document, caused by a vulnerability when Java applets are displayed in a window when multiple tabs are used. A remote attacker could spoof content of an HTML document in a Java applet on one tab from another HTML document in a different tab. A remote attacker could exploit this vulnerability by creating a malicious Web page and hosting it on a Web site.

Note: Mozilla version 1.7.2 and Firefox version 0.9.3 running on Mac OS X 10.3.5 are also affected by this vulnerability.


Consequences:

Obtain Information

Remedy:

No remedy available as of September 1, 2014.

References:

  • BID-11059: Mozilla/Netscape/Firefox Browsers XPCOM Plug-In For Apple Mac OSX Content Spoofing Vulnerability
  • CVE-2004-1753: The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
  • OSVDB ID: 9270: Netscape Navigator Java Applet Tab Spoofing
  • SA12392: Netscape Apple Java Plugin Tab Spoofing Vulnerability

Platforms Affected:

  • Apple Mac OS X 10.3.5
  • Mozilla Firefox 0.9.3
  • Mozilla Mozilla 1.7.2
  • Netscape Navigator 7.2

Reported:

Aug 27, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page