CVE-2004-1381
First published: Wed Oct 20 2004(Updated: )
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =0.8 | |
| Firefox | =0.9 | |
| Firefox | =0.9-rc | |
| Firefox | =0.9.1 | |
| Firefox | =0.9.2 | |
| Firefox | =0.9.3 | |
| Firefox | =0.10 | |
| Firefox | =0.10.1 | |
| Mozilla Firefox | ||
| Mozilla Firefox | =1.3 | |
| Mozilla Firefox | =1.4 | |
| Mozilla Firefox | =1.4-alpha | |
| Mozilla Firefox | =1.4.1 | |
| Mozilla Firefox | =1.5 | |
| Mozilla Firefox | =1.5-alpha | |
| Mozilla Firefox | =1.5-rc1 | |
| Mozilla Firefox | =1.5-rc2 | |
| Mozilla Firefox | =1.5.1 | |
| Mozilla Firefox | =1.6 | |
| Mozilla Firefox | =1.6-alpha | |
| Mozilla Firefox | =1.6-beta | |
| Mozilla Firefox | =1.7 | |
| Mozilla Firefox | =1.7-alpha | |
| Mozilla Firefox | =1.7-beta | |
| Mozilla Firefox | =1.7-rc1 | |
| Mozilla Firefox | =1.7-rc2 | |
| Mozilla Firefox | =1.7-rc3 | |
| Mozilla Firefox | =1.7.1 | |
| Mozilla Firefox | =1.7.2 | |
| Mozilla Firefox | =1.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/12712
- http://secunia.com/multiple_browsers_dialog_box_spoofing_test/
- http://secunia.com/multiple_browsers_form_field_focus_test/
- http://www.mozilla.org/security/announce/mfsa2005-05.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17789
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100053
Frequently Asked Questions
What is the severity of CVE-2004-1381?
CVE-2004-1381 is rated as a critical vulnerability as it allows remote attackers to steal sensitive data from users.
How do I fix CVE-2004-1381?
Fix CVE-2004-1381 by upgrading to Firefox version 1.0 or Mozilla version 1.7.5 or later.
What are the risks associated with CVE-2004-1381?
The risks associated with CVE-2004-1381 include potential phishing attacks and unauthorized access to sensitive information.
Which versions are affected by CVE-2004-1381?
CVE-2004-1381 affects Firefox versions prior to 1.0 and Mozilla versions prior to 1.7.5.
How can CVE-2004-1381 be exploited?
CVE-2004-1381 can be exploited when inactive background tabs focus on input fields in the active tab, allowing data theft.
- agent/references
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mozilla
- canonical/firefox
- version/firefox/0.8
- version/firefox/0.9
- version/firefox/0.9-rc
- version/firefox/0.9.1
- version/firefox/0.9.2
- version/firefox/0.9.3
- version/firefox/0.10
- version/firefox/0.10.1
- canonical/mozilla firefox
- version/mozilla firefox/1.3
- version/mozilla firefox/1.4
- version/mozilla firefox/1.4-alpha
- version/mozilla firefox/1.4.1
- version/mozilla firefox/1.5
- version/mozilla firefox/1.5-alpha
- version/mozilla firefox/1.5-rc1
- version/mozilla firefox/1.5-rc2
- version/mozilla firefox/1.5.1
- version/mozilla firefox/1.6
- version/mozilla firefox/1.6-alpha
- version/mozilla firefox/1.6-beta
- version/mozilla firefox/1.7
- version/mozilla firefox/1.7-alpha
- version/mozilla firefox/1.7-beta
- version/mozilla firefox/1.7-rc1
- version/mozilla firefox/1.7-rc2
- version/mozilla firefox/1.7-rc3
- version/mozilla firefox/1.7.1
- version/mozilla firefox/1.7.2
- version/mozilla firefox/1.7.3