Bill Mcgonigle

**Name of the Vulnerable Software and Affected Versions** Apple Java plugin versions used in Netscape 7.1 and 7.2 Apple Java plugin versions used in Mozilla 1.7.2 Apple Java plugin versions used in Firefox 0.9.3 on MacOS X 10.3.5 **Description** The issue arises when tabbed browsing is enabled, and the Apple Java plugin fails to properly handle SetWindow(NULL) calls. This allows Java applets from one tab to draw to other tabs, which can facilitate phishing attacks that spoof tabs. **Recommendations** For Netscape 7.1 and 7.2, consider disabling the Java plugin until a patch is available. For Mozilla 1.7.2, restrict the use of Java applets in tabbed browsing mode to minimize the risk of exploitation. For Firefox 0.9.3 on MacOS X 10.3.5, avoid using tabbed browsing with Java applets enabled until the issue is resolved.