Vulnerability Details : CVE-2007-3511
Potential exploit
The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.
Products affected by CVE-2007-3511
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:beta:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-3511
- EPSS score: 2.50% (probability of exploitation activity in the next 30 days)
- Percentile: ~ 84 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-3511
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
References for CVE-2007-3511
- http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html
- http://www.securityfocus.com/archive/1/482925/100/0/threaded
- http://www.mozilla.org/security/announce/2007/mfsa2007-32.html
- http://www.securityfocus.com/bid/24725
- http://www.redhat.com/support/errata/RHSA-2007-0979.html
- http://secunia.com/advisories/27414 [Vendor Advisory]
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
- http://secunia.com/advisories/27298 [Vendor Advisory]
- http://www.vupen.com/english/advisories/2008/0083 [Vendor Advisory]
- http://www.debian.org/security/2007/dsa-1396
- http://www.securityfocus.com/archive/1/482876/100/200/threaded
- http://secunia.com/advisories/27425 [Vendor Advisory]
- http://www.redhat.com/support/errata/RHSA-2007-0980.html
- http://securitytracker.com/id?1018837
- http://secunia.com/advisories/27680 [Vendor Advisory]
- http://www.redhat.com/support/errata/RHSA-2007-0981.html
- http://secunia.com/advisories/27276 [Vendor Advisory]
- http://secunia.com/advisories/25904 [Vendor Advisory]
- http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763
- http://secunia.com/advisories/27327 [Vendor Advisory]
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
- http://secunia.com/advisories/27356 [Vendor Advisory]
- http://www.debian.org/security/2007/dsa-1392
- http://sla.ckers.org/forum/read.php?3,13142
- http://www.securityfocus.com/archive/1/482932/100/200/threaded
- http://yathong.googlepages.com/FirefoxFocusBug.html [Exploit]
- http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
- https://issues.rpath.com/browse/RPL-1858
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35299
- http://secunia.com/advisories/27383 [Vendor Advisory]
- http://secunia.com/advisories/27387 [Vendor Advisory]
- http://www.ubuntu.com/usn/usn-536-1
- http://secunia.com/advisories/27335 [Vendor Advisory]
- http://www.vupen.com/english/advisories/2007/3587 [Vendor Advisory]
- http://secunia.com/advisories/27325 [Vendor Advisory]
- http://www.vupen.com/english/advisories/2007/3544 [Vendor Advisory]
- https://usn.ubuntu.com/535-1/
- http://sla.ckers.org/forum/read.php?3%2C13142
- http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
- http://secunia.com/advisories/27336 [Vendor Advisory]
- http://secunia.com/advisories/27480 [Vendor Advisory]
- http://www.debian.org/security/2007/dsa-1401
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://osvdb.org/37994
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
- http://secunia.com/advisories/27403 [Vendor Advisory]
- http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html