CVE-2011-3866

EUVD-2011-3823
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
≤ 7.0
mozillaseamonkey
𝑥
< 2.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
hardy
ignored
lucid
not-affected
maverick
not-affected
natty
Fixed 7.0.1+build1+nobinonly-0ubuntu0.11.04.1
released
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
seamonkey
hardy
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
precise
dne
quantal
dne
raring
dne
saucy
dne
Common Weakness Enumeration
References
http://www.mozilla.org/security/announce/2011/mfsa2011-45.html
http://www.usenix.org/events/hotsec11/tech/tech.html#Cai
https://bugzilla.mozilla.org/show_bug.cgi?id=682562
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13954
http://www.mozilla.org/security/announce/2011/mfsa2011-45.html
http://www.usenix.org/events/hotsec11/tech/tech.html#Cai
https://bugzilla.mozilla.org/show_bug.cgi?id=682562
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13954