CVE-2007-3511

critical

Description

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.

References

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html

https://usn.ubuntu.com/535-1/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763

https://issues.rpath.com/browse/RPL-1858

https://exchange.xforce.ibmcloud.com/vulnerabilities/35299

http://www.vupen.com/english/advisories/2008/0083

http://www.vupen.com/english/advisories/2007/3587

http://www.vupen.com/english/advisories/2007/3544

http://www.ubuntu.com/usn/usn-536-1

http://www.securityfocus.com/bid/24725

http://www.securityfocus.com/archive/1/482932/100/200/threaded

http://www.securityfocus.com/archive/1/482925/100/0/threaded

http://www.securityfocus.com/archive/1/482876/100/200/threaded

http://www.redhat.com/support/errata/RHSA-2007-0981.html

http://www.redhat.com/support/errata/RHSA-2007-0980.html

http://www.redhat.com/support/errata/RHSA-2007-0979.html

http://www.novell.com/linux/security/advisories/2007_57_mozilla.html

http://www.mozilla.org/security/announce/2007/mfsa2007-32.html

http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202

http://www.debian.org/security/2007/dsa-1401

http://www.debian.org/security/2007/dsa-1396

http://www.debian.org/security/2007/dsa-1392

http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

http://sla.ckers.org/forum/read.php?3%2C13142

http://securitytracker.com/id?1018837

http://secunia.com/advisories/27680

http://secunia.com/advisories/27480

http://secunia.com/advisories/27425

http://secunia.com/advisories/27414

http://secunia.com/advisories/27403

http://secunia.com/advisories/27387

http://secunia.com/advisories/27383

http://secunia.com/advisories/27356

http://secunia.com/advisories/27336

http://secunia.com/advisories/27335

http://secunia.com/advisories/27327

http://secunia.com/advisories/27325

http://secunia.com/advisories/27298

http://secunia.com/advisories/27276

http://secunia.com/advisories/25904

http://osvdb.org/37994

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html

http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html

Details

Source: Mitre, NVD

Published: 2007-07-03

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical