CVE-2004-1122

high

Description

Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.

References

http://secunia.com/secunia_research/2004-10/

http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

http://secunia.com/advisories/12892

http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html

Details

Source: Mitre, NVD

Published: 2005-01-10

Updated: 2008-09-10

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High