Redirecting to /error/403.html is nominally correct (using ErrorDocument 404 /error/403.html?) but Apache does look first at the server’s root directory so it may be necessary to change your absolute redirection from internal to external (http://www.example.com/error/403.html).
It sounds like your server doesn’t have permission on /error/403.html so it is getting an access denied error when throwning an access denied error. That said I don’t actually see a question there.