CVE-2004-2383

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.0 through 6.0

Description: The issue allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains. This can be achieved via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. It can be used in a spoofing scenario.

Recommendations: For Microsoft Internet Explorer versions 5.0 through 6.0, consider disabling Javascript in HTML documents outside a frameset to minimize the risk of exploitation. Restrict access to framesets that include target domains to prevent attackers from forcing the frameset to maintain focus.