4.3

CVE-2007-3511

Exploit
The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 2.0.0.7
MozillaFirefox Version1.5.0.12
MozillaFirefox Version2.0.0.4
MozillaFirefox Version2.0.0.5
MozillaFirefox Version2.0.0.6
MozillaSeamonkey Version <= 1.1.4
MozillaSeamonkey Version1.0
MozillaSeamonkey Version1.0 Editionalpha
MozillaSeamonkey Version1.0 Editionbeta
MozillaSeamonkey Version1.0 Editiondev
MozillaSeamonkey Version1.0 Updatealpha
MozillaSeamonkey Version1.0 Updatebeta
MozillaSeamonkey Version1.0.1
MozillaSeamonkey Version1.0.2
MozillaSeamonkey Version1.0.3
MozillaSeamonkey Version1.0.4
MozillaSeamonkey Version1.0.5
MozillaSeamonkey Version1.0.6
MozillaSeamonkey Version1.0.7
MozillaSeamonkey Version1.0.8
MozillaSeamonkey Version1.0.9
MozillaSeamonkey Version1.0.99
MozillaSeamonkey Version1.1
MozillaSeamonkey Version1.1.1
MozillaSeamonkey Version1.1.2
MozillaSeamonkey Version1.1.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.36% 0.815
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.vupen.com/english/advisories/2008/0083
Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://secunia.com/advisories/27298
Vendor Advisory
http://secunia.com/advisories/27335
Vendor Advisory
http://secunia.com/advisories/27383
Vendor Advisory
http://secunia.com/advisories/27387
Vendor Advisory
http://secunia.com/advisories/27403
Vendor Advisory
http://secunia.com/advisories/27414
Vendor Advisory
http://securitytracker.com/id?1018837
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://www.mozilla.org/security/announce/2007/mfsa2007-32.html
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
http://www.securityfocus.com/archive/1/482876/100/200/threaded
http://www.securityfocus.com/archive/1/482925/100/0/threaded
http://www.securityfocus.com/archive/1/482932/100/200/threaded
http://www.ubuntu.com/usn/usn-536-1
http://www.vupen.com/english/advisories/2007/3544
Vendor Advisory
https://issues.rpath.com/browse/RPL-1858
https://usn.ubuntu.com/535-1/
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
http://secunia.com/advisories/27276
Vendor Advisory
http://secunia.com/advisories/27325
Vendor Advisory
http://secunia.com/advisories/27327
Vendor Advisory
http://secunia.com/advisories/27336
Vendor Advisory
http://secunia.com/advisories/27356
Vendor Advisory
http://secunia.com/advisories/27425
Vendor Advisory
http://secunia.com/advisories/27480
Vendor Advisory
http://secunia.com/advisories/27680
Vendor Advisory
http://www.debian.org/security/2007/dsa-1392
http://www.debian.org/security/2007/dsa-1396
http://www.debian.org/security/2007/dsa-1401
http://www.redhat.com/support/errata/RHSA-2007-0979.html
http://www.redhat.com/support/errata/RHSA-2007-0980.html
http://www.redhat.com/support/errata/RHSA-2007-0981.html
http://www.vupen.com/english/advisories/2007/3587
Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html
http://osvdb.org/37994
http://secunia.com/advisories/25904
Vendor Advisory
http://sla.ckers.org/forum/read.php?3%2C13142
http://www.securityfocus.com/bid/24725
http://yathong.googlepages.com/FirefoxFocusBug.html
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/35299
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763