CVE-2004-1122

HIGH

Description

Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.

References

http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html

http://secunia.com/advisories/12892

http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

http://secunia.com/secunia_research/2004-10/

Details

Source: MITRE

Published: 2005-01-10

Updated: 2008-09-10

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH