ID

VAR-200501-0209


CVE

CVE-2004-1314


TITLE

Apple Safari Window hijacking vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200501-092

DESCRIPTION

Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122. This issue may allow a remote attacker to carry out phishing-style attacks.

The issue arises when a user visits a malicious site and follows a link to a trusted site. Once the link to the trusted site is followed, the victim must open a pop-up window from the trusted site that can be influenced by the attacker's site. If successful, the contents of the target site's window can be spoofed, resulting in phishing-style attacks.

Safari is a browser of Apple Corporation. Safari 1.x has a window hijacking vulnerability. This can, for example, be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

This is related to: SA11978

Secunia has constructed a test, which can be used to check if your browser is affected by this issue: http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

The vulnerability has been confirmed in Safari version 1.2.4. Other versions may also be affected.

SOLUTION: Do not browse untrusted sites while browsing trusted sites.

PROVIDED AND/OR DISCOVERED BY: Secunia Research

ORIGINAL ADVISORY: http://secunia.com/secunia_research/2004-13/advisory/

OTHER REFERENCES: SA11978: http://secunia.com/advisories/11978/

Trust: 1.35

sources: NVD: CVE-2004-1314 // BID: 11857 // VULHUB: VHN-9744 // PACKETSTORM: 35271

AFFECTED PRODUCTS

vendor: apple // model: safari // scope: eq // version: 1.2.3

Trust: 1.9

vendor: apple // model: safari // scope: eq // version: 1.2.2

Trust: 1.9

vendor: apple // model: safari // scope: eq // version: 1.2.1

Trust: 1.9

vendor: apple // model: safari // scope: eq // version: 1.2

Trust: 1.9

vendor: apple // model: safari // scope: eq // version: 1.1

Trust: 1.9

vendor: apple // model: safari // scope: eq // version: 1.0

Trust: 1.9

vendor: apple // model: safari // scope: eq // version: beta2

Trust: 1.6

vendor: apple // model: safari beta // scope: eq // version: 2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.3.7

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.3.6

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.3.5

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.3.4

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.3.3

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.3.2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.3.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.3

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.8

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.7

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.6

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.5

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.4

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.3

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2.1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.2

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.3.7

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.3.6

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.3.5

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.3.4

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.3.3

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.3.2

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.3.1

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.3

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.8

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.7

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.6

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.5

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.4

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.3

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.2

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2.1

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.2

Trust: 0.3

vendor: apple // model: mac os server // scope: ne // version: x10.3.8

Trust: 0.3

vendor: apple // model: mac os // scope: ne // version: x10.3.8

Trust: 0.3

sources: BID: 11857 // CNNVD: CNNVD-200501-092 // NVD: CVE-2004-1314

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-1314
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200501-092
value: HIGH

Trust: 0.6

VULHUB: VHN-9744
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-1314
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-9744
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-9744 // CNNVD: CNNVD-200501-092 // NVD: CVE-2004-1314

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1314

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200501-092

TYPE

Design Error

Trust: 0.9

sources: BID: 11857 // CNNVD: CNNVD-200501-092

EXTERNAL IDS

db: SECUNIA // id: 13252

Trust: 2.1

db: NVD // id: CVE-2004-1314

Trust: 2.0

db: CNNVD // id: CNNVD-200501-092

Trust: 0.7

db: XF // id: 18397

Trust: 0.6

db: APPLE // id: APPLE-SA-2005-01-25

Trust: 0.6

db: BID // id: 11857

Trust: 0.4

db: VULHUB // id: VHN-9744

Trust: 0.1

db: PACKETSTORM // id: 35271

Trust: 0.1

sources: VULHUB: VHN-9744 // BID: 11857 // PACKETSTORM: 35271 // CNNVD: CNNVD-200501-092 // NVD: CVE-2004-1314

REFERENCES

url:http://secunia.com/advisories/13252/

Trust: 2.1

url:http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

Trust: 1.8

url:http://secunia.com/secunia_research/2004-13/advisory/

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2005/jan/msg00001.html

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/18397

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/18397

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/11978/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/1543/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-9744 // BID: 11857 // PACKETSTORM: 35271 // CNNVD: CNNVD-200501-092 // NVD: CVE-2004-1314

CREDITS

Discovery of this vulnerability is credited to Secunia Research.

Trust: 0.9

sources: BID: 11857 // CNNVD: CNNVD-200501-092

SOURCES

db: VULHUB // id: VHN-9744
db: BID // id: 11857
db: PACKETSTORM // id: 35271
db: CNNVD // id: CNNVD-200501-092
db: NVD // id: CVE-2004-1314

LAST UPDATE DATE

2024-08-14T13:12:11.378000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-9744 // date: 2017-07-11T00:00:00
db: BID // id: 11857 // date: 2009-07-12T08:07:00
db: CNNVD // id: CNNVD-200501-092 // date: 2005-10-28T00:00:00
db: NVD // id: CVE-2004-1314 // date: 2017-07-11T01:30:54.933

SOURCES RELEASE DATE

db: VULHUB // id: VHN-9744 // date: 2005-01-10T00:00:00
db: BID // id: 11857 // date: 2004-12-08T00:00:00
db: PACKETSTORM // id: 35271 // date: 2004-12-12T18:56:42
db: CNNVD // id: CNNVD-200501-092 // date: 2005-01-10T00:00:00
db: NVD // id: CVE-2004-1314 // date: 2005-01-10T05:00:00