CVE-2007-3511

2007-07-0300:00:00

ubuntu.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.039

Percentile

92.1%

JSON

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12,
2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5
allows remote attackers to change field focus and copy keystrokes via the
“for” attribute in a label, which bypasses the focus prevention, as
demonstrated by changing focus from a textarea to a file upload field.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchfirefox< 1.5.dfsg+1.5.0.14~prepatch071011b-0ubuntu1UNKNOWN
ubuntu6.10noarchfirefox< 2.0.0.8+0dfsg-0ubuntu0.6.10UNKNOWN
ubuntu7.04noarchfirefox< 2.0.0.8+1nobinonly-0ubuntu1UNKNOWN
ubuntu7.10noarchfirefox< 2.0.0.8+2nobinonly-0ubuntu1UNKNOWN
ubuntu6.06noarchmozilla-thunderbird< 1.5.0.13+1.5.0.14b-0ubuntu0.6.06UNKNOWN
ubuntu6.10noarchmozilla-thunderbird< 1.5.0.13+1.5.0.14b-0ubuntu0.6.10UNKNOWN
ubuntu7.04noarchmozilla-thunderbird< 1.5.0.13+1.5.0.14b-0ubuntu0.7.04UNKNOWN
ubuntu7.10noarchthunderbird< 2.0.0.8~pre071022+nobinonly-0ubuntu0.7.10UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	firefox	< 1.5.dfsg+1.5.0.14~prepatch071011b-0ubuntu1	UNKNOWN
ubuntu	6.10	noarch	firefox	< 2.0.0.8+0dfsg-0ubuntu0.6.10	UNKNOWN
ubuntu	7.04	noarch	firefox	< 2.0.0.8+1nobinonly-0ubuntu1	UNKNOWN
ubuntu	7.10	noarch	firefox	< 2.0.0.8+2nobinonly-0ubuntu1	UNKNOWN
ubuntu	6.06	noarch	mozilla-thunderbird	< 1.5.0.13+1.5.0.14b-0ubuntu0.6.06	UNKNOWN
ubuntu	6.10	noarch	mozilla-thunderbird	< 1.5.0.13+1.5.0.14b-0ubuntu0.6.10	UNKNOWN
ubuntu	7.04	noarch	mozilla-thunderbird	< 1.5.0.13+1.5.0.14b-0ubuntu0.7.04	UNKNOWN
ubuntu	7.10	noarch	thunderbird	< 2.0.0.8~pre071022+nobinonly-0ubuntu0.7.10	UNKNOWN