CVE-2007-3511

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.

El manejo del enfoque para el evento onkeydown en Mozilla Firefox versiones 1.5.0.12, 2.0.0.0.4 y otras versiones anteriores a 2.0.0.8, y SeaMonkey versiones anteriores a 1.1.5, permite a atacantes remotos cambiar el enfoque del campo y copiar las pulsaciones de teclas por medio del atributo "for" en una etiqueta, lo que omite la prevención del enfoque, tal y como es demostrado cambiando el enfoque desde un área de texto hacia un campo de carga de archivos.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-07-02 CVE Reserved
2007-07-03 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-11-25 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (50)

URL	Tag	Source
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html	Mailing List
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html	Mailing List
http://osvdb.org/37994	Vdb Entry
http://securitytracker.com/id?1018837	Vdb Entry
http://sla.ckers.org/forum/read.php?3%2C13142	X_refsource_misc
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html	X_refsource_confirm
http://www.mozilla.org/security/announce/2007/mfsa2007-32.html	X_refsource_confirm
http://www.securityfocus.com/archive/1/482876/100/200/threaded	Mailing List
http://www.securityfocus.com/archive/1/482925/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/482932/100/200/threaded	Mailing List
http://www.securityfocus.com/bid/24725	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/35299	Vdb Entry
https://issues.rpath.com/browse/RPL-1858	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763	Signature

URL	Date	SRC
http://yathong.googlepages.com/FirefoxFocusBug.html	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	2023-11-07
http://secunia.com/advisories/25904	2023-11-07
http://secunia.com/advisories/27276	2023-11-07
http://secunia.com/advisories/27298	2023-11-07
http://secunia.com/advisories/27325	2023-11-07
http://secunia.com/advisories/27327	2023-11-07
http://secunia.com/advisories/27335	2023-11-07
http://secunia.com/advisories/27336	2023-11-07
http://secunia.com/advisories/27356	2023-11-07
http://secunia.com/advisories/27383	2023-11-07
http://secunia.com/advisories/27387	2023-11-07
http://secunia.com/advisories/27403	2023-11-07
http://secunia.com/advisories/27414	2023-11-07
http://secunia.com/advisories/27425	2023-11-07
http://secunia.com/advisories/27480	2023-11-07
http://secunia.com/advisories/27680	2023-11-07
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1	2023-11-07
http://www.debian.org/security/2007/dsa-1392	2023-11-07
http://www.debian.org/security/2007/dsa-1396	2023-11-07
http://www.debian.org/security/2007/dsa-1401	2023-11-07
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202	2023-11-07
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html	2023-11-07
http://www.redhat.com/support/errata/RHSA-2007-0979.html	2023-11-07
http://www.redhat.com/support/errata/RHSA-2007-0980.html	2023-11-07
http://www.redhat.com/support/errata/RHSA-2007-0981.html	2023-11-07
http://www.ubuntu.com/usn/usn-536-1	2023-11-07
http://www.vupen.com/english/advisories/2007/3544	2023-11-07
http://www.vupen.com/english/advisories/2007/3587	2023-11-07
http://www.vupen.com/english/advisories/2008/0083	2023-11-07
https://usn.ubuntu.com/535-1	2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html	2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html	2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html	2023-11-07
https://access.redhat.com/security/cve/CVE-2007-3511	2007-10-19
https://bugzilla.redhat.com/show_bug.cgi?id=1618316	2007-10-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				<= 2.0.0.7 Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.7"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.12 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.12"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.4 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.4"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.5 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				2.0.0.6 Search vendor "Mozilla" for product "Firefox" and version "2.0.0.6"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				<= 1.1.4 Search vendor "Mozilla" for product "Seamonkey" and version " <= 1.1.4"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0"		alpha		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0"		beta		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0"		dev		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0"		alpha		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0"		beta		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.2 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.3 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.3"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.4 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.4"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.5 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.5"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.6 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.6"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.7 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.7"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.8 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.8"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.9 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.9"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.99 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.99"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.1"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.1.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.1"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.1.2 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.2"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.1.3 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.3"		-		Affected