PT-2004-2657 · Apple+2 · Java Plug-In+4
Bill Mcgonigle · Published 2004-12-31 · Updated 2017-07-11
CVE-2004-1753
CVSS v2.0: 2.6 (Low)
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Apple Java plugin versions used in Netscape 7.1 and 7.2
Apple Java plugin versions used in Mozilla 1.7.2
Apple Java plugin versions used in Firefox 0.9.3 on MacOS X 10.3.5
Description
When tabbed browsing is enabled, the Apple Java plugin fails to properly handle SetWindow(NULL) calls. As a result, Java applets running in one tab can draw to other tabs, which can facilitate phishing attacks that spoof tabs.
Recommendations
For Netscape 7.1 and 7.2, consider disabling the Java plugin until a patch is available.
For Mozilla 1.7.2, restrict the use of Java applets in tabbed browsing mode to minimize the risk of exploitation.
For Firefox 0.9.3 on MacOS X 10.3.5, avoid using tabbed browsing with Java applets enabled until the issue is resolved.
Affected Products
Java Plug-In
Firefox
Mac OS X
Mozilla Firefox
Netscape