Published: 21/12/2011 Updated: 19/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Mozilla Firefox 4.x up to and including 8.0, Thunderbird 5.0 up to and including 8.0, and SeaMonkey prior to 2.6 allow remote malicious users to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 4.0
mozilla firefox 5.0
mozilla firefox 7.0
mozilla firefox 7.0.1
mozilla firefox 4.0.1
mozilla firefox 6.0.2
mozilla firefox 6.0.1
mozilla firefox 5.0.1
mozilla firefox 6.0
mozilla thunderbird 5.0
mozilla thunderbird 7.0
mozilla thunderbird 6.0.2
mozilla thunderbird 7.0.1
mozilla thunderbird 6.0
mozilla thunderbird 6.0.1
mozilla seamonkey
mozilla seamonkey 2.5
mozilla seamonkey 2.4
mozilla seamonkey 2.3
mozilla seamonkey 2.2
mozilla seamonkey 2.1
mozilla seamonkey 2.0.5
mozilla seamonkey 2.0.8
mozilla seamonkey 2.4.1
mozilla seamonkey 2.3.3
mozilla seamonkey 2.0.13
mozilla seamonkey 2.0.10
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.8
mozilla seamonkey 1.1.5
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.15
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0
mozilla seamonkey 1.1
mozilla seamonkey 2.3.2
mozilla seamonkey 2.0.12
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.14
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.4
mozilla seamonkey 1.1.14
mozilla seamonkey 1.0.8
mozilla seamonkey 1.1.13
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.2
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.9
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.7
mozilla seamonkey 1.1.1
mozilla seamonkey 1.5.0.8
mozilla seamonkey 1.0.6
mozilla seamonkey 1.5.0.10
mozilla seamonkey 1.0.5
mozilla seamonkey 1.1.11
mozilla seamonkey 2.3.1
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.7
mozilla seamonkey 2.0.11
mozilla seamonkey 1.1.6
mozilla seamonkey 1.1.9
mozilla seamonkey 1.1.10
mozilla seamonkey 1.5.0.9
mozilla seamonkey 1.0.9
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.2
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.3

Several security issues were fixed in Firefox ...

This update provides compatible packages for Firefox 9 ...

Several security issues were fixed in Thunderbird ...

Mozilla Foundation Security Advisory 2011-56 Key detection without JavaScript via SVG animation Announced December 20, 2011 Reporter Mario Heiderich Impact Moderate Products Firefox, SeaMonkey, Thunderbird Fixed in ...

CWE-200 http://www.mozilla.org/security/announce/2011/mfsa2011-56.html https://bugzilla.mozilla.org/show_bug.cgi?id=704482 http://osvdb.org/77954 http://www.securitytracker.com/id?1026447 http://www.securitytracker.com/id?1026446 http://secunia.com/advisories/47302 http://www.mandriva.com/security/advisories?name=MDVSA-2011:192 http://secunia.com/advisories/47334 http://www.securitytracker.com/id?1026445 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html http://secunia.com/advisories/49055 https://exchange.xforce.ibmcloud.com/vulnerabilities/71911 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14739 https://nvd.nist.gov https://usn.ubuntu.com/1306-1/

CVE-2011-3663

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect