4.3

CVE-2007-3511

Exploit

EPSS 4.48%
Published 03.07.2007 10:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.

Affected products Warnungen 0 Metrics 2 CWE 0 References 51

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 2.0.0.7

Mozilla ≫ Firefox Version1.5.0.12

Mozilla ≫ Firefox Version2.0.0.4

Mozilla ≫ Firefox Version2.0.0.5

Mozilla ≫ Firefox Version2.0.0.6

Mozilla ≫ Seamonkey Version <= 1.1.4

Mozilla ≫ Seamonkey Version1.0

Mozilla ≫ Seamonkey Version1.0 Editionalpha

Mozilla ≫ Seamonkey Version1.0 Editionbeta

Mozilla ≫ Seamonkey Version1.0 Editiondev

Mozilla ≫ Seamonkey Version1.0 Updatealpha

Mozilla ≫ Seamonkey Version1.0 Updatebeta

Mozilla ≫ Seamonkey Version1.0.1

Mozilla ≫ Seamonkey Version1.0.2

Mozilla ≫ Seamonkey Version1.0.3

Mozilla ≫ Seamonkey Version1.0.4

Mozilla ≫ Seamonkey Version1.0.5

Mozilla ≫ Seamonkey Version1.0.6

Mozilla ≫ Seamonkey Version1.0.7

Mozilla ≫ Seamonkey Version1.0.8

Mozilla ≫ Seamonkey Version1.0.9

Mozilla ≫ Seamonkey Version1.0.99

Mozilla ≫ Seamonkey Version1.1

Mozilla ≫ Seamonkey Version1.1.1

Mozilla ≫ Seamonkey Version1.1.2

Mozilla ≫ Seamonkey Version1.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.48%	0.887

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://www.vupen.com/english/advisories/2008/0083

Vendor Advisory

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://secunia.com/advisories/27298

Vendor Advisory

http://secunia.com/advisories/27335

Vendor Advisory

http://secunia.com/advisories/27383

Vendor Advisory

http://secunia.com/advisories/27387

Vendor Advisory

http://secunia.com/advisories/27403

Vendor Advisory

http://secunia.com/advisories/27414

Vendor Advisory

http://securitytracker.com/id?1018837

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202

http://www.mozilla.org/security/announce/2007/mfsa2007-32.html

http://www.novell.com/linux/security/advisories/2007_57_mozilla.html

http://www.securityfocus.com/archive/1/482876/100/200/threaded

http://www.securityfocus.com/archive/1/482925/100/0/threaded

http://www.securityfocus.com/archive/1/482932/100/200/threaded

http://www.ubuntu.com/usn/usn-536-1

http://www.vupen.com/english/advisories/2007/3544

Vendor Advisory

https://issues.rpath.com/browse/RPL-1858

https://usn.ubuntu.com/535-1/

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html

http://secunia.com/advisories/27276

Vendor Advisory

http://secunia.com/advisories/27325

Vendor Advisory

http://secunia.com/advisories/27327

Vendor Advisory

http://secunia.com/advisories/27336

Vendor Advisory

http://secunia.com/advisories/27356

Vendor Advisory

http://secunia.com/advisories/27425

Vendor Advisory

http://secunia.com/advisories/27480

Vendor Advisory

http://secunia.com/advisories/27680

Vendor Advisory

http://www.debian.org/security/2007/dsa-1392

http://www.debian.org/security/2007/dsa-1396

http://www.debian.org/security/2007/dsa-1401

http://www.redhat.com/support/errata/RHSA-2007-0979.html

http://www.redhat.com/support/errata/RHSA-2007-0980.html

http://www.redhat.com/support/errata/RHSA-2007-0981.html

http://www.vupen.com/english/advisories/2007/3587

Vendor Advisory

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html

http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html

http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html

http://osvdb.org/37994

http://secunia.com/advisories/25904

Vendor Advisory

http://sla.ckers.org/forum/read.php?3%2C13142

http://www.securityfocus.com/bid/24725

http://yathong.googlepages.com/FirefoxFocusBug.html

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/35299

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763

https://nvd.nist.gov/vuln/detail/CVE-2007-3511

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3511

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3511

EUVD