CVE-2004-1753 - Increasable Brilliant


The Apple Java plugin as used in Netscape 7.1 and 7.2 Mozilla 1.7.2 and Firefox 0.9.3 on MacOS X 10.3.5 when tabbed browsing is enabled does not properly handle SetWindow(NULL) calls which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.