The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions prior to 2.0.0.8, and SeaMonkey prior to 1.1.5 allows remote malicious users to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla seamonkey 1.0.3 |
||
mozilla seamonkey 1.0.1 |
||
mozilla seamonkey 1.0.6 |
||
mozilla seamonkey 1.0.9 |
||
mozilla seamonkey 1.1.3 |
||
mozilla seamonkey 1.0 |
||
mozilla seamonkey 1.0.99 |
||
mozilla seamonkey 1.0.7 |
||
mozilla seamonkey |
||
mozilla seamonkey 1.1 |
||
mozilla seamonkey 1.1.2 |
||
mozilla seamonkey 1.0.2 |
||
mozilla seamonkey 1.0.8 |
||
mozilla seamonkey 1.1.1 |
||
mozilla seamonkey 1.0.5 |
||
mozilla firefox 1.5.0.12 |
||
mozilla firefox 2.0.0.6 |
||
mozilla firefox 2.0.0.4 |
||
mozilla seamonkey 1.0.4 |
||
mozilla firefox |
||
mozilla firefox 2.0.0.5 |