CVE-2011-3866

Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.

Published: Sep 29, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-3866
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
mozilla / firefox	-	7.0.x
mozilla / seamonkey	-	2.4

http://www.mozilla.org/security/announce/2011/mfsa2011-45.html
http://www.usenix.org/events/hotsec11/tech/tech.html#Cai
https://bugzilla.mozilla.org/show_bug.cgi?id=682562
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13954

Vulnerability Database

290,206

CVE-2011-3866