Unrated severityNVD Advisory· Published Jul 3, 2007· Updated Jun 16, 2026
CVE-2007-3511
CVE-2007-3511
Description
The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
28cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=2.0.0.7
- cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
- (no CPE)range: <2.0.0.8
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*+ 21 more
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*range: <=1.1.4
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:beta:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
- (no CPE)range: <1.1.5
Patches
Vulnerability mechanics
References
48- yathong.googlepages.com/FirefoxFocusBug.htmlnvdExploit
- secunia.com/advisories/25904nvdVendor Advisory
- secunia.com/advisories/27276nvdVendor Advisory
- secunia.com/advisories/27298nvdVendor Advisory
- secunia.com/advisories/27325nvdVendor Advisory
- secunia.com/advisories/27327nvdVendor Advisory
- secunia.com/advisories/27335nvdVendor Advisory
- secunia.com/advisories/27336nvdVendor Advisory
- secunia.com/advisories/27356nvdVendor Advisory
- secunia.com/advisories/27383nvdVendor Advisory
- secunia.com/advisories/27387nvdVendor Advisory
- secunia.com/advisories/27403nvdVendor Advisory
- secunia.com/advisories/27414nvdVendor Advisory
- secunia.com/advisories/27425nvdVendor Advisory
- secunia.com/advisories/27480nvdVendor Advisory
- secunia.com/advisories/27680nvdVendor Advisory
- www.vupen.com/english/advisories/2007/3544nvdVendor Advisory
- www.vupen.com/english/advisories/2007/3587nvdVendor Advisory
- www.vupen.com/english/advisories/2008/0083nvdVendor Advisory
- archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.htmlnvd
- archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.htmlnvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- osvdb.org/37994nvd
- securitytracker.com/idnvd
- sla.ckers.org/forum/read.phpnvd
- sunsolve.sun.com/search/document.donvd
- support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.htmlnvd
- www.debian.org/security/2007/dsa-1392nvd
- www.debian.org/security/2007/dsa-1396nvd
- www.debian.org/security/2007/dsa-1401nvd
- www.mandriva.com/en/security/advisoriesnvd
- www.mozilla.org/security/announce/2007/mfsa2007-32.htmlnvd
- www.novell.com/linux/security/advisories/2007_57_mozilla.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0979.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0980.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0981.htmlnvd
- www.securityfocus.com/archive/1/482876/100/200/threadednvd
- www.securityfocus.com/archive/1/482925/100/0/threadednvd
- www.securityfocus.com/archive/1/482932/100/200/threadednvd
- www.securityfocus.com/bid/24725nvd
- www.ubuntu.com/usn/usn-536-1nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/35299nvd
- issues.rpath.com/browse/RPL-1858nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763nvd
- usn.ubuntu.com/535-1/nvd
- www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.htmlnvd
News mentions
0No linked articles in our index yet.