Vulnerability Name: CVE-2004-1160 (CCN-18397) Assigned: 2004-12-08 Published: 2004-12-08 Updated: 2008-09-05 Summary: Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-Other Vulnerability Consequences: Other References: Source: CCN Type: Microsoft Security Response Center Blog, Tuesday, October 31, 2006 2:05Information on New Address Bar Issue Source: MITRE Type: CNACVE-2004-1122 Source: MITRE Type: CNACVE-2004-1155 Source: MITRE Type: CNACVE-2004-1156 Source: MITRE Type: CNACVE-2004-1157 Source: MITRE Type: CNACVE-2004-1158 Source: MITRE Type: CNACVE-2004-1160 Source: MITRE Type: CNACVE-2004-1314 Source: CCN Type: RHSA-2005-009kdelibs Source: CCN Type: RHSA-2005-176firefox security update Source: CCN Type: RHSA-2005-384Mozilla security update Source: CCN Type: SA12892Safari Dialog Box Spoofing Vulnerability Source: CCN Type: SA13129Mozilla / Mozilla Firefox Window Injection Vulnerability Source: CCN Type: SA13251Microsoft Internet Explorer Window Injection Vulnerability Source: CCN Type: SA13252Safari Window Injection Vulnerability Source: CCN Type: SA13253Opera Window Injection Vulnerability Source: CCN Type: SA13254Konqueror Window Injection Vulnerability Source: CCN Type: SA13402Netscape Window Injection Vulnerability Source: SECUNIA Type: UNKNOWN13402 Source: CCN Type: SA22628Internet Explorer 7 Window Injection Vulnerability Source: MISC Type: Exploit, Vendor Advisoryhttp://secunia.com/multiple_browsers_window_injection_vulnerability_test/ Source: MISC Type: UNKNOWNhttp://secunia.com/secunia_research/2004-13/advisory/ Source: CCN Type: CIAC INFORMATION BULLETIN P-149Firefox Security Update Source: CCN Type: GLSA-200412-16kdelibs, kdebase: Multiple vulnerabilities Source: CCN Type: GLSA-200502-17Opera: Multiple vulnerabilities Source: CCN Type: GLSA-200503-10Mozilla Firefox: Various vulnerabilities Source: CCN Type: GLSA-200503-30Mozilla Suite: Multiple vulnerabilities Source: CCN Type: Fedora Update Notification FEDORA-2004-548Fedora: kdelibs-3.2.2-10.FC2 update Source: CCN Type: Fedora Update Notification FEDORA-2004-549kdebase-3.2.2-8.FC2 update Source: CCN Type: Fedora Update Notification FEDORA-2004-550kdelibs-3.3.1-2.4.FC3 update Source: CCN Type: Fedora Update Notification FEDORA-2004-551kdebase-3.3.1-4.3.FC3 update Source: CCN Type: OSVDB ID: 12313Microsoft IE Cross-domain Browser Window Injection Content Spoofing Source: CCN Type: OSVDB ID: 13183Apple Safari Cross-domain Browser Window Injection Content Spoofing Source: CCN Type: OSVDB ID: 59844Opera Cross-domain Browser Window Injection Content Spoofing Source: CCN Type: OSVDB ID: 59845Netscape Cross-domain Browser Window Injection Content Spoofing Source: BID Type: Exploit, Vendor Advisory11852 Source: CCN Type: BID-11852Netscape Remote Window Hijacking Vulnerability Source: CCN Type: BID-11853KDE Konqueror Remote Window Hijacking Vulnerability Source: CCN Type: BID-11854Mozilla Browser and Mozilla Firefox Remote Window Hijacking Vulnerability Source: CCN Type: BID-11855Microsoft Internet Explorer Remote Window Hijacking Vulnerability Source: CCN Type: BID-11856Opera Web Browser Remote Window Hijacking Vulnerability Source: CCN Type: BID-11857Apple Safari Remote Window Hijacking Vulnerability Source: CCN Type: BID-11875Omni Group OmniWeb Browser Remote Window Hijacking Vulnerability Source: CCN Type: BID-11876ICab Web Browser Remote Window Hijacking Vulnerability Source: CCN Type: USN-149-3Ubuntu 4.10 update for Firefox vulnerabilities Source: XF Type: UNKNOWNweb-browser-popup-spoofing(18397) Source: SUSE Type: SUSE-SA:2005:034opera: various problems Source: SUSE Type: SUSE-SR:2004:004SUSE Security Summary Report Source: SUSE Type: SUSE-SR:2004:005SUSE Security Summary Report Source: SUSE Type: SUSE-SR:2005:001SUSE Security Summary Report Source: SUSE Type: SUSE-SR:2005:003SUSE Security Summary Report Vulnerable Configuration: Configuration 1 :cpe:/a:netscape:navigator:7.0:*:*:*:*:*:*:* OR cpe:/a:netscape:navigator:7.0.2:*:*:*:*:*:*:* OR cpe:/a:netscape:navigator:7.1:*:*:*:*:*:*:* OR cpe:/a:netscape:navigator:7.2:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* OR cpe:/a:netscape:navigator:7.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:* OR cpe:/a:apple:safari:1.2.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.0:*:*:*:*:*:*:* OR cpe:/a:opera:opera_browser:7.54:*:*:*:*:*:*:* AND cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:fedoraproject:fedora_core:2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:* OR cpe:/o:fedoraproject:fedora_core:3:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:* Denotes that component is vulnerable BACK
netscape navigator 7.0
netscape navigator 7.0.2
netscape navigator 7.1
netscape navigator 7.2
microsoft ie 6.0
netscape navigator 7.2
mozilla mozilla 1.7.3
apple safari 1.2.4
mozilla firefox 1.0
opera opera browser 7.54
gentoo linux *
microsoft windows xp - sp1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
suse suse linux 8.2
suse suse linux 9.0
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
mandrakesoft mandrake linux 10.0
suse suse linux 9.1
redhat enterprise linux 3
fedoraproject fedora core 2
microsoft windows xp sp2
suse suse linux 9.2
mandrakesoft mandrake linux 10.1
fedoraproject fedora core 3
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux 10.0
suse suse linux 9.3