Moderate

CVE-2004-0191 - Unspecified vulnerability in Mozilla

Publication: 2004-03-15
Summary

Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.

Risk level (CVSS 6.8)

Moderate

6.8

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Mozilla Mozilla 0.8
  • Mozilla Mozilla 0.9.2
  • Mozilla Mozilla 0.9.2.1
  • Mozilla Mozilla 0.9.3
  • Mozilla Mozilla 0.9.4
  • Mozilla Mozilla 0.9.4.1
  • Mozilla Mozilla 0.9.5
  • Mozilla Mozilla 0.9.6
  • Mozilla Mozilla 0.9.7
  • Mozilla Mozilla 0.9.8
  • Mozilla Mozilla 0.9.9
  • Mozilla Mozilla 0.9.35
  • Mozilla Mozilla 0.9.48
  • Mozilla Mozilla 1.0
  • Mozilla Mozilla 1.0
  • Mozilla Mozilla 1.0
  • Mozilla Mozilla 1.0.1
  • Mozilla Mozilla 1.0.2
  • Mozilla Mozilla 1.1
  • Mozilla Mozilla 1.1
  • Mozilla Mozilla 1.1
  • Mozilla Mozilla 1.2
  • Mozilla Mozilla 1.2
  • Mozilla Mozilla 1.2
  • Mozilla Mozilla 1.2.1
  • Mozilla Mozilla 1.3
  • Mozilla Mozilla 1.3.1
  • Mozilla Mozilla 1.4
  • Mozilla Mozilla 1.4
  • Mozilla Mozilla 1.4
  • Mozilla Mozilla 1.4.1
  • Mozilla Mozilla 1.5