NVD Vulnerability Detail

CVE-2007-3511

Summary	The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.
Publication Date	July 3, 2007, 7:30 p.m.
Registration Date	Jan. 29, 2021, 2:15 p.m.
Last Update	Nov. 7, 2023, 11 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.99:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.0:alpha::::::
cpe:2.3:a:mozilla:seamonkey::::::::		1.1.4
cpe:2.3:a:mozilla:seamonkey:1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.6:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0::beta:::::
cpe:2.3:a:mozilla:seamonkey:1.0::dev:::::
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox::::::::		2.0.0.7
cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html	FULLDISC
2	http://yathong.googlepages.com/FirefoxFocusBug.html	MISC	Exploit
3	http://secunia.com/advisories/25904	SECUNIA	Vendor Advisory
4	http://www.mozilla.org/security/announce/2007/mfsa2007-32.html	CONFIRM
5	https://issues.rpath.com/browse/RPL-1858	CONFIRM
6	http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html	CONFIRM
7	http://www.debian.org/security/2007/dsa-1396	DEBIAN
8	http://www.debian.org/security/2007/dsa-1401	DEBIAN
9	http://www.debian.org/security/2007/dsa-1392	DEBIAN
10	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html	FEDORA
11	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html	FEDORA
12	http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202	MANDRIVA
13	http://www.redhat.com/support/errata/RHSA-2007-0979.html	REDHAT
14	http://www.redhat.com/support/errata/RHSA-2007-0980.html	REDHAT
15	http://www.redhat.com/support/errata/RHSA-2007-0981.html	REDHAT
16	http://www.novell.com/linux/security/advisories/2007_57_mozilla.html	SUSE
17	http://www.ubuntu.com/usn/usn-536-1	UBUNTU
18	http://www.securityfocus.com/bid/24725	BID
19	http://securitytracker.com/id?1018837	SECTRACK
20	http://secunia.com/advisories/27276	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/27325	SECUNIA	Vendor Advisory
22	http://secunia.com/advisories/27327	SECUNIA	Vendor Advisory
23	http://secunia.com/advisories/27335	SECUNIA	Vendor Advisory
24	http://secunia.com/advisories/27356	SECUNIA	Vendor Advisory
25	http://secunia.com/advisories/27383	SECUNIA	Vendor Advisory
26	http://secunia.com/advisories/27425	SECUNIA	Vendor Advisory
27	http://secunia.com/advisories/27403	SECUNIA	Vendor Advisory
28	http://secunia.com/advisories/27480	SECUNIA	Vendor Advisory
29	http://secunia.com/advisories/27387	SECUNIA	Vendor Advisory
30	http://secunia.com/advisories/27298	SECUNIA	Vendor Advisory
31	http://secunia.com/advisories/27336	SECUNIA	Vendor Advisory
32	http://secunia.com/advisories/27414	SECUNIA	Vendor Advisory
33	https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html	FEDORA
34	http://secunia.com/advisories/27680	SECUNIA	Vendor Advisory
35	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1	SUNALERT
36	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	HP
37	http://www.vupen.com/english/advisories/2008/0083	VUPEN	Vendor Advisory
38	http://www.vupen.com/english/advisories/2007/3544	VUPEN	Vendor Advisory
39	http://www.vupen.com/english/advisories/2007/3587	VUPEN	Vendor Advisory
40	http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html	FULLDISC
41	http://osvdb.org/37994	OSVDB
42	https://exchange.xforce.ibmcloud.com/vulnerabilities/35299	XF
43	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763	OVAL
44	https://usn.ubuntu.com/535-1/	UBUNTU
45	http://www.securityfocus.com/archive/1/482932/100/200/threaded	BUGTRAQ
46	http://www.securityfocus.com/archive/1/482925/100/0/threaded	BUGTRAQ
47	http://www.securityfocus.com/archive/1/482876/100/200/threaded	BUGTRAQ
48	http://sla.ckers.org/forum/read.php?3%2C13142

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.99:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.0:alpha::::::
cpe:2.3:a:mozilla:seamonkey::::::::		1.1.4
cpe:2.3:a:mozilla:seamonkey:1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.6:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0::beta:::::
cpe:2.3:a:mozilla:seamonkey:1.0::dev:::::
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox::::::::		2.0.0.7
cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::*