4.3

CVE-2011-3866

Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 7.0
MozillaSeamonkey Version < 2.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.37% 0.683
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.mozilla.org/security/announce/2011/mfsa2011-45.html
Vendor Advisory
http://www.usenix.org/events/hotsec11/tech/tech.html#Cai
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=682562
Vendor Advisory
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13954
Third Party Advisory