Lucene search

MitreCVE-2007-3511

HistoryJul 03, 2007 - 10:30 a.m.

CVE-2007-3511

2007-07-0310:30:00

mitre

web.nvd.nist.gov

cve

2007

3511

mozilla firefox

seamonkey

focus handling

vulnerability

nvd

security

event

remote attackers

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

Low

EPSS

0.039

Percentile

92.1%

JSON

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the “for” attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.

Affected configurations

Nvd

Node

mozillafirefoxRange≤2.0.0.7

mozillafirefoxMatch1.5.0.12

mozillafirefoxMatch2.0.0.4

mozillafirefoxMatch2.0.0.5

mozillafirefoxMatch2.0.0.6

mozillaseamonkeyRange≤1.1.4

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0dev

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.0.99

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox1.5.0.12cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
mozillafirefox2.0.0.4cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
mozillafirefox2.0.0.5cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
mozillafirefox2.0.0.6cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozillaseamonkey1.0cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
mozillaseamonkey1.0cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
mozillaseamonkey1.0cpe:2.3:a:mozilla:seamonkey:1.0:*:beta:*:*:*:*:*
mozillaseamonkey1.0cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	1.5.0.12	cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::*
mozilla	firefox	2.0.0.4	cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::*
mozilla	firefox	2.0.0.5	cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::*
mozilla	firefox	2.0.0.6	cpe:2.3:a:mozilla:firefox:2.0.0.6:::::::*
mozilla	seamonkey	*	cpe:2.3:a:mozilla:seamonkey::::::::
mozilla	seamonkey	1.0	cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
mozilla	seamonkey	1.0	cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
mozilla	seamonkey	1.0	cpe:2.3:a:mozilla:seamonkey:1.0::beta:::::
mozilla	seamonkey	1.0	cpe:2.3:a:mozilla:seamonkey:1.0::dev:::::

Rows per page:

1-10 of 261

References

archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html

archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

osvdb.org/37994

secunia.com/advisories/25904

secunia.com/advisories/27276

secunia.com/advisories/27298

secunia.com/advisories/27325

secunia.com/advisories/27327

secunia.com/advisories/27335

secunia.com/advisories/27336

secunia.com/advisories/27356

secunia.com/advisories/27383

secunia.com/advisories/27387

secunia.com/advisories/27403

secunia.com/advisories/27414

secunia.com/advisories/27425

secunia.com/advisories/27480

secunia.com/advisories/27680

securitytracker.com/id?1018837

sla.ckers.org/forum/read.php?3%2C13142

sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

www.debian.org/security/2007/dsa-1392

www.debian.org/security/2007/dsa-1396

www.debian.org/security/2007/dsa-1401

www.mandriva.com/en/security/advisories?name=MDKSA-2007:202

www.mozilla.org/security/announce/2007/mfsa2007-32.html

www.novell.com/linux/security/advisories/2007_57_mozilla.html

www.redhat.com/support/errata/RHSA-2007-0979.html

www.redhat.com/support/errata/RHSA-2007-0980.html

www.redhat.com/support/errata/RHSA-2007-0981.html

www.securityfocus.com/archive/1/482876/100/200/threaded

www.securityfocus.com/archive/1/482925/100/0/threaded

www.securityfocus.com/archive/1/482932/100/200/threaded

www.securityfocus.com/bid/24725

www.ubuntu.com/usn/usn-536-1

www.vupen.com/english/advisories/2007/3544

www.vupen.com/english/advisories/2007/3587

www.vupen.com/english/advisories/2008/0083

yathong.googlepages.com/FirefoxFocusBug.html

exchange.xforce.ibmcloud.com/vulnerabilities/35299

issues.rpath.com/browse/RPL-1858

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763

usn.ubuntu.com/535-1/

www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html

www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html

www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

Low

EPSS

0.039

Percentile

92.1%

JSON

Related for CVE-2007-3511