Cross-Domain and Cross-Site Scripting (XSS) Vulnerability in Mozilla 1.4.2 and Earlier

Cross-Domain and Cross-Site Scripting (XSS) Vulnerability in Mozilla 1.4.2 and Earlier

CVE-2004-0191 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.

Learn more about our Web Application Penetration Testing UK.