CVE-2011-3866 — Mozilla Seamonkey vulnerability

CWE-2643 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 38.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox

Timeline

PublishedSep 29

Latest updateMay 14

Description

Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/seamonkey< 2.4

▶NVDmozilla/firefox7.0

🔴Vulnerability Details

GHSA

GHSA-4wmv-p7gx-jgg9: Mozilla Firefox before 7↗2022-05-14

▶

CVEList

CVE-2011-3866: Mozilla Firefox before 7↗2011-09-29

▶