Vulnerability Name:

CCN-21070

Published:2005-06-21
Updated:2005-06-21
Summary:Mozilla could allow a remote attacker to spoof dialog boxes caused by a vulnerability when JavaScript dialog boxes fail to properly display or include origins. If a remote attacker persuades a user into opening a link from a malicious Web site to a trusted Web site, the attacker could cause a new window to open, allowing the attacker to spoof the dialog box.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: AppleCare Knowledge Base Document 302847
About Security Update 2005-009

Source: CCN
Type: SA15489
Mozilla / Firefox / Camino Dialog Origin Spoofing Vulnerability

Source: CCN
Type: iCab Web site
iCab - Internet Taxi for the Mac

Source: CCN
Type: Mozilla Firefox Web site
Firefox - Rediscover the Web

Source: CCN
Type: Mozilla Suite Web site
Mozilla Suite - The All-inOne Internet Application Suite

Source: CCN
Type: Opera Software Web site
Opera 8.01 for Windows

Source: CCN
Type: OSVDB ID: 79197
Avant Browser Javascript Dialog Origin Spoofing

Source: CCN
Type: OSVDB ID: 79198
NetCaptor Javascript Dialog Origin Spoofing

Source: CCN
Type: OSVDB ID: 79199
Slim Browser Javascript Dialog Origin Spoofing

Source: CCN
Type: BID-14007
Microsoft Internet Explorer Dialog Box Origin Spoofing Vulnerability

Source: CCN
Type: BID-14008
Mozilla/Firefox Browsers Dialog Box Origin Spoofing Vulnerability

Source: CCN
Type: BID-14009
Opera Web Browser Dialog Box Origin Spoofing Vulnerability

Source: CCN
Type: BID-14010
ICab Web Browser Dialog Box Origin Spoofing Vulnerability

Source: CCN
Type: BID-14011
Apple Safari Dialog Box Origin Spoofing Vulnerability

Source: CCN
Type: BID-14012
Avant Browser Dialog Box Origin Spoofing Vulnerability

Source: CCN
Type: BID-14037
NetCaptor Browser Dialog Box Origin Spoofing Vulnerability

Source: CCN
Type: BID-14038
Slim Browser Dialog Box Origin Spoofing Vulnerability

Source: CCN
Type: BID-14410
Opera Web Browser Image Dragging Cross-Domain Scripting and File Retrieval Vulnerability

Source: XF
Type: UNKNOWN
mozilla-javascript-dialog-box-spoofing(21070)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:camino:0.8.4:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:2.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    mozilla mozilla 1.7.8
    mozilla firefox 1.0.4
    mozilla camino 0.8.4
    microsoft ie 5.2.3
    apple safari 2.0