CVE-2010-1125 — Sensitive Information Exposure in Mozilla Seamonkey

CWE-200 — Sensitive Information Exposure11 documents6 sources

Severity

5.8MEDIUMNVD

EPSS

2.1%

top 15.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox

Timeline

PublishedMar 26

Latest updateMay 2

Description

The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶NVDmozilla/seamonkey2.0.4+36

▶NVDmozilla/firefox28 versions+27

🔴Vulnerability Details

GHSA

GHSA-7gv5-r7hh-23h7: The JavaScript implementation in Mozilla Firefox 3↗2022-05-02

▶

CVEList

CVE-2010-1125: The JavaScript implementation in Mozilla Firefox 3↗2010-03-26

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerability↗2010-07-26

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Ubuntu

ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update↗2010-07-23

▶

Ubuntu

Firefox regression↗2010-06-30

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-06-29

▶

💬Community

Bugzilla

CVE-2010-1125 firefox: keystrokes sent to hidden frame rather than visible frame due to javascript flaw↗2010-03-28

▶