The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.
Max CVSS
5.8
EPSS Score
0.62%
Published
2010-03-26
Updated
2018-10-10
1 vulnerabilities found