CVE-2004-1314

Published: Jan 10, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122.

Affected (7)

Products: Apple: Safari

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Version 1.0
Apple Safari	Version 1.1
Apple Safari	Version 1.2.1
Apple Safari	Version 1.2.2
Apple Safari	Version 1.2.3
Apple Safari	Version 1.2
Apple Safari	Version beta2

References (10)

http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html

Source: cve@mitre.org

http://secunia.com/advisories/13252/

Source: cve@mitre.org

http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

Source: cve@mitre.org

http://secunia.com/secunia_research/2004-13/advisory/

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/18397

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/13252/

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/secunia_research/2004-13/advisory/

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/18397

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.