4.3

CVE-2007-3511

Exploit

EPSS 3.38%
Veröffentlicht 03.07.2007 10:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 51

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 2.0.0.7

Mozilla ≫ Firefox Version1.5.0.12

Mozilla ≫ Firefox Version2.0.0.4

Mozilla ≫ Firefox Version2.0.0.5

Mozilla ≫ Firefox Version2.0.0.6

Mozilla ≫ Seamonkey Version <= 1.1.4

Mozilla ≫ Seamonkey Version1.0

Mozilla ≫ Seamonkey Version1.0 Editionalpha

Mozilla ≫ Seamonkey Version1.0 Editionbeta

Mozilla ≫ Seamonkey Version1.0 Editiondev

Mozilla ≫ Seamonkey Version1.0 Updatealpha

Mozilla ≫ Seamonkey Version1.0 Updatebeta

Mozilla ≫ Seamonkey Version1.0.1

Mozilla ≫ Seamonkey Version1.0.2

Mozilla ≫ Seamonkey Version1.0.3

Mozilla ≫ Seamonkey Version1.0.4

Mozilla ≫ Seamonkey Version1.0.5

Mozilla ≫ Seamonkey Version1.0.6

Mozilla ≫ Seamonkey Version1.0.7

Mozilla ≫ Seamonkey Version1.0.8

Mozilla ≫ Seamonkey Version1.0.9

Mozilla ≫ Seamonkey Version1.0.99

Mozilla ≫ Seamonkey Version1.1

Mozilla ≫ Seamonkey Version1.1.1

Mozilla ≫ Seamonkey Version1.1.2

Mozilla ≫ Seamonkey Version1.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.38%	0.869

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://www.vupen.com/english/advisories/2008/0083

Vendor Advisory

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://secunia.com/advisories/27298

Vendor Advisory

http://secunia.com/advisories/27335

Vendor Advisory

http://secunia.com/advisories/27383

Vendor Advisory

http://secunia.com/advisories/27387

Vendor Advisory

http://secunia.com/advisories/27403

Vendor Advisory

http://secunia.com/advisories/27414

Vendor Advisory

http://securitytracker.com/id?1018837

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202

http://www.mozilla.org/security/announce/2007/mfsa2007-32.html

http://www.novell.com/linux/security/advisories/2007_57_mozilla.html

http://www.securityfocus.com/archive/1/482876/100/200/threaded

http://www.securityfocus.com/archive/1/482925/100/0/threaded

http://www.securityfocus.com/archive/1/482932/100/200/threaded

http://www.ubuntu.com/usn/usn-536-1

http://www.vupen.com/english/advisories/2007/3544

Vendor Advisory

https://issues.rpath.com/browse/RPL-1858

https://usn.ubuntu.com/535-1/

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html

http://secunia.com/advisories/27276

Vendor Advisory

http://secunia.com/advisories/27325

Vendor Advisory

http://secunia.com/advisories/27327

Vendor Advisory

http://secunia.com/advisories/27336

Vendor Advisory

http://secunia.com/advisories/27356

Vendor Advisory

http://secunia.com/advisories/27425

Vendor Advisory

http://secunia.com/advisories/27480

Vendor Advisory

http://secunia.com/advisories/27680

Vendor Advisory

http://www.debian.org/security/2007/dsa-1392

http://www.debian.org/security/2007/dsa-1396

http://www.debian.org/security/2007/dsa-1401

http://www.redhat.com/support/errata/RHSA-2007-0979.html

http://www.redhat.com/support/errata/RHSA-2007-0980.html

http://www.redhat.com/support/errata/RHSA-2007-0981.html

http://www.vupen.com/english/advisories/2007/3587

Vendor Advisory

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html

http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html

http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html

http://osvdb.org/37994

http://secunia.com/advisories/25904

Vendor Advisory

http://sla.ckers.org/forum/read.php?3%2C13142

http://www.securityfocus.com/bid/24725

http://yathong.googlepages.com/FirefoxFocusBug.html

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/35299

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763

https://nvd.nist.gov/vuln/detail/CVE-2007-3511

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3511

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3511

EUVD