Home

CVE-2007-3511

Description

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the for attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.

Risk Information

Base Score
5.4
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
4.479

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Mozilla Firefox (x64) 2.0.0.7Windows
Multiple vulnerabilities affected in Mozilla_Firefox 2.0.0.7Windows
Multiple vulnerabilities affected in SeaMonkey 1.1.4Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 1.5.0.12Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 2.0.0.4Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 2.0.0.5Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 2.0.0.6Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 2.0.0.7Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 1.5.0.12Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 2.0.0.4Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 2.0.0.5Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 2.0.0.6Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 2.0.0.7Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 2.0.0.8Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343016Mozilla Firefox (x64) (132.0.2)
PATCH-343015Mozilla Firefox (132.0.2)
PATCH-341197SeaMonkey (2.53.19)
PATCH-613630Mozilla Firefox For Mac (147.0.4)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234