The remote host is missing an update to the system as announced in the referenced advisory.

Update your system with the appropriate patches or software upgrades. http://secunia.com/secunia_research/2004-13/advisory/ http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ http://secunia.com/advisories/13129/ https://bugzilla.mozilla.org/show_bug.cgi?id=273699 https://bugzilla.mozilla.org/show_bug.cgi?id=103638 http://mozillanews.org/?article_date=2004-12-08+06-48-46 http://secunia.com/advisories/13253/ http://secunia.com/advisories/13254/ http://www.kde.org/info/security/advisory-20041213-1.txt http://secunia.com/advisories/13402/ http://www.vuxml.org/freebsd/b0911985-6e2a-11d9-9557-000a95bc6fae.html

The following packages are affected: firefox mozilla linux-mozilla linux-mozilla-devel de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird de-netscape7 fr-netscape7 ja-netscape7 netscape7 pt_BR-netscape7 mozilla-gtk1 de-linux-netscape fr-linux-netscape ja-linux-netscape linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix kdebase kdelibs opera opera-devel linux-opera CVE-2004-1156 Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the 'window injection' vulnerability. CVE-2004-1157 Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the 'window injection' vulnerability. CVE-2004-1158 Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the 'window injection' vulnerability. CVE-2004-1160 Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the 'window injection' vulnerability.