[原文]The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
[CNNVD]Apple Mac OSX Mozilla/Netscape
/Firefox Browsers XPCOM Plug-In内容欺骗漏洞(CNNVD-200412-164)
用于MacOS X 10.3.5上的Netscape 7.1和7.2版本， Mozilla 1.7.2版本和Firefox 0.9.3版本的Apple Java plugin在分页浏览时不能正确处理SetWindow(空)调用。Java applets可以利用该漏洞从一个标签逼近另一个标签，并使欺骗标签的网络钓鱼攻击更容易。
Netscape contains a flaw that may allow a malicious user to spoof contents of HTML document. The issue is triggered when Apple's implementaion of Java is used inside window with more than one tab opened. This flaw may result in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.