CVE-2004-1160

Name of the Vulnerable Software and Affected Versions: Netscape versions 7.x to 7.2

Description: The issue allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain. This can be demonstrated using a pop-up window on a trusted web site.

Recommendations: For Netscape versions 7.x to 7.2, consider disabling the ability to inject content from one window into another as a temporary workaround until a patch is available. Restrict access to sensitive web sites to minimize the risk of exploitation.