CVE-2004-1753
https://notcve.org/view.php?id=CVE-2004-1753
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. • http://bugzilla.mozilla.org/show_bug.cgi?id=162134 http://secunia.com/advisories/12392 http://www.securityfocus.com/archive/1/373080 http://www.securityfocus.com/archive/1/373232 http://www.securityfocus.com/archive/1/373309 http://www.securityfocus.com/bid/11059 https://exchange.xforce.ibmcloud.com/vulnerabilities/17137 •
CVE-2004-1450
https://notcve.org/view.php?id=CVE-2004-1450
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations. • http://bugzilla.mozilla.org/show_bug.cgi?id=239122 http://www.mozilla.org/projects/security/known-vulnerabilities.html •
CVE-2004-1449
https://notcve.org/view.php?id=CVE-2004-1449
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. • http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082 •
CVE-2004-1316
https://notcve.org/view.php?id=CVE-2004-1316
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. • http://isec.pl/vulnerabilities/isec-0020-mozilla.txt http://marc.info/?l=bugtraq&m=110436284718949&w=2 http://marc.info/?l=bugtraq&m=110780717916478&w=2 http://secunia.com/advisories/19823 http://www.mozilla.org/security/announce/mfsa2005-06.html http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.redhat.com/support/errata/RHSA-2005-038.html http://www.securityfocus.com/bid/12131 https://exchange.xforce.ibmcloud.com/vulnerabilities/18711 https:// •
CVE-2004-1156
https://notcve.org/view.php?id=CVE-2004-1156
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. • http://secunia.com/advisories/13129 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml http://www.mozilla.org/security/announce/mfsa2005-13.html http://www.redhat.com/support/errata/RHSA-2005-176.html http://www.redhat.com/support/errata/RHSA-2005-384.html https://oval.cisecurity.org/re •