Description
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
CVSS Metrics
- Vector
- AV:N/AC:H/Au:N/C:N/I:P/A:N
- Access Vector
- network
- Access Cmplx
- high
- Auth
- none
- Confidentiality
- none
- Integrity
- partial
- Availability
- none
- Weaknesses
- NVD-CWE-Other
Metadata
- Primary Vendor
- MOZILLA
- Published
- 12/31/2004
- Last Modified
- 4/3/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
mozilla : firefoxmozilla : mozillanetscape : navigatornetscape : navigator
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.