CVE-2007-3511

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.

Published: Jul 3, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3511
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / seamonkey	1.0.3	1.0.3.x
mozilla / seamonkey	1.0.1	1.0.1.x
mozilla / seamonkey	1.0.6	1.0.6.x
mozilla / seamonkey	1.0.9	1.0.9.x
mozilla / seamonkey	1.1.3	1.1.3.x
mozilla / seamonkey	1.0	1.0.x
mozilla / seamonkey	1.0.99	1.0.99.x
mozilla / seamonkey	1.0.7	1.0.7.x
mozilla / seamonkey	1.0-beta	1.0-beta.x
mozilla / seamonkey	1.0-alpha	1.0-alpha.x
mozilla / seamonkey	-	1.1.4.x
mozilla / seamonkey	1.1	1.1.x
mozilla / seamonkey	1.1.2	1.1.2.x
mozilla / seamonkey	1.0.2	1.0.2.x
mozilla / seamonkey	1.0.8	1.0.8.x
mozilla / seamonkey	1.1.1	1.1.1.x
mozilla / seamonkey	1.0.5	1.0.5.x
mozilla / firefox	1.5.0.12	1.5.0.12.x
mozilla / firefox	2.0.0.6	2.0.0.6.x
mozilla / firefox	2.0.0.4	2.0.0.4.x
mozilla / seamonkey	1.0.4	1.0.4.x
mozilla / firefox	-	2.0.0.7.x
mozilla / firefox	2.0.0.5	2.0.0.5.x

Vulnerability Database

289,784

CVE-2007-3511