Vulnerability Details : CVE-2011-3866
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.
Products affected by CVE-2011-3866
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3866
- EPSS score: 0.24% (probability of exploitation activity in the next 30 days)
- Percentile: ~61% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-3866
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2011-3866
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3866
- https://bugzilla.mozilla.org/show_bug.cgi?id=682562
  Access Denied (Issue Tracking; Vendor Advisory)
- http://www.mozilla.org/security/announce/2011/mfsa2011-45.html
  Inferring keystrokes from motion data — Mozilla (Vendor Advisory)
- http://www.usenix.org/events/hotsec11/tech/tech.html#Cai
  HotSec '11 Workshop Sessions (Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13954
  Repository / Oval Repository (Third Party Advisory)