Cross-Tab Scripting Vulnerability in Apple Java Plugin

Cross-Tab Scripting Vulnerability in Apple Java Plugin

CVE-2004-1753 · LOW Severity

AV:N/AC:H/AU:N/C:N/I:P/A:N

The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.

Learn more about our Cis Benchmark Audit For Apple Macos.