Home > Vulnerability Database > CVE-2007-3511

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-3511

Date: July 3, 2007

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.

Severity Score

3.7

Related Resources (52)

Url: http://secunia.com/advisories/27480

Url: http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202

Url: http://secunia.com/advisories/27680

Url: http://www.debian.org/security/2007/dsa-1401

Url: http://osvdb.org/37994

Url: http://www.securityfocus.com/archive/1/482932/100/200/threaded

Url: http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html

Url: http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-3511

Url: http://secunia.com/advisories/27356

Url: http://www.novell.com/linux/security/advisories/2007_57_mozilla.html

Url: http://secunia.com/advisories/27276

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/35299

Url: http://yathong.googlepages.com/FirefoxFocusBug.html

Url: http://www.securityfocus.com/bid/24725

Url: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html

Url: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html

Url: http://secunia.com/advisories/25904

Url: http://sla.ckers.org/forum/read.php?3%2C13142

Url: http://www.securityfocus.com/archive/1/482925/100/0/threaded

Url: http://secunia.com/advisories/27327

Url: http://secunia.com/advisories/27403

Url: http://secunia.com/advisories/27325

Url: http://securitytracker.com/id?1018837

Url: https://usn.ubuntu.com/535-1/

Url: https://access.redhat.com/security/cve/CVE-2007-3511

Url: http://secunia.com/advisories/27383

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-3511

Url: http://www.vupen.com/english/advisories/2007/3544

Url: http://www.vupen.com/english/advisories/2007/3587

Url: http://www.vupen.com/english/advisories/2008/0083

Url: https://issues.rpath.com/browse/RPL-1858

Url: http://www.mozilla.org/security/announce/2007/mfsa2007-32.html

Url: http://www.redhat.com/support/errata/RHSA-2007-0981.html

Url: http://secunia.com/advisories/27298

Url: http://secunia.com/advisories/27414

Url: http://secunia.com/advisories/27336

Url: http://www.redhat.com/support/errata/RHSA-2007-0979.html

Url: http://secunia.com/advisories/27335

Url: http://www.securityfocus.com/archive/1/482876/100/200/threaded

Url: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html

Url: http://www.redhat.com/support/errata/RHSA-2007-0980.html

Url: http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html

Url: http://www.debian.org/security/2007/dsa-1396

Url: http://www.ubuntu.com/usn/usn-536-1

Url: http://www.debian.org/security/2007/dsa-1392

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763

Url: http://secunia.com/advisories/27387

Url: http://secunia.com/advisories/27425

Url: https://www.mend.io/vulnerability-database/CVE-2007-3511

Severity Score

3.7

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us