CVE-2007-3511 Information

Description

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4, and other versions before 2.0.0.8, and SeaMonkey before 1.1.5, allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://osvdb.org/37994
http://secunia.com/advisories/25904
http://secunia.com/advisories/27276
http://secunia.com/advisories/27298
http://secunia.com/advisories/27325
http://secunia.com/advisories/27327
http://secunia.com/advisories/27335
http://secunia.com/advisories/27336
http://secunia.com/advisories/27356
http://secunia.com/advisories/27383
http://secunia.com/advisories/27387
http://secunia.com/advisories/27403
http://secunia.com/advisories/27414
http://secunia.com/advisories/27425
http://secunia.com/advisories/27480
http://secunia.com/advisories/27680
http://securitytracker.com/id?1018837
http://sla.ckers.org/forum/read.php?313142
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.debian.org/security/2007/dsa-1392
http://www.debian.org/security/2007/dsa-1396
http://www.debian.org/security/2007/dsa-1401
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://www.mozilla.org/security/announce/2007/mfsa2007-32.html
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
http://www.redhat.com/support/errata/RHSA-2007-0979.html
http://www.redhat.com/support/errata/RHSA-2007-0980.html
http://www.redhat.com/support/errata/RHSA-2007-0981.html
http://www.securityfocus.com/archive/1/482876/100/200/threaded
http://www.securityfocus.com/archive/1/482925/100/0/threaded
http://www.securityfocus.com/archive/1/482932/100/200/threaded
http://www.securityfocus.com/bid/24725
http://www.ubuntu.com/usn/usn-536-1
http://www.vupen.com/english/advisories/2007/3544
http://www.vupen.com/english/advisories/2007/3587
http://www.vupen.com/english/advisories/2008/0083
http://yathong.googlepages.com/FirefoxFocusBug.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/35299
https://issues.rpath.com/browse/RPL-1858
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9763
https://usn.ubuntu.com/535-1/
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
