Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.
References
Link | Resource |
---|---|
http://www.mozilla.org/security/announce/2011/mfsa2011-45.html | Vendor Advisory |
http://www.usenix.org/events/hotsec11/tech/tech.html#Cai | Third Party Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=682562 | Issue Tracking Vendor Advisory |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13954 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2011-09-29T00:00:00
Updated: 2017-09-18T12:57:01
Reserved: 2011-09-28T00:00:00
Link: CVE-2011-3866
JSON object: View
NVD Information
Status : Analyzed
Published: 2011-09-29T00:55:03.013
Modified: 2018-11-29T16:02:52.130
Link: CVE-2011-3866
JSON object: View
Redhat Information
No data.
CWE