Launchpad CVE tracker

CVE 2007-3511

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.

Related bugs and status

CVE-2007-3511 (Candidate) is related to these bugs:

Bug #148942: thunderbird 2.0 not compiled with UNIX (movemail) acccount option.

Summary				In	Importance	Status
	148942	thunderbird 2.0 not compiled with UNIX (movemail) acccount option.		thunderbird (Ubuntu)	Undecided	Fix Released

Bug #150791: firefox package on packages site carries warning about development version

Summary				In	Importance	Status
	150791	firefox package on packages site carries warning about development version		firefox (Ubuntu)	Undecided	Fix Released

Bug #154393: [Firefox] security update release 2.0.0.8 available from upstream

		In	Importance	Status
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Dapper)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Edgy)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Feisty)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Hardy)	High	Fix Released
154393	[Firefox] security update release 2.0.0.8 available from upstream	firefox (Ubuntu Gutsy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-3511

References