Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-3866 | First vendor Publication | 2011-09-28 |
| Vendor | Cve | Last vendor Modification | 2018-11-29 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3866 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:13954 | |||
| Oval ID: | oval:org.mitre.oval:def:13954 | ||
| Title: | Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab. | ||
| Description: | Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3866 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-10-14 | Name : Mozilla Products Multiple Vulnerabilities - (MAC OS X) File : nvt/gb_mozilla_prdts_mult_vuln_macosx.nasl |
| 2011-10-04 | Name : Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows 01) File : nvt/gb_mozilla_prdts_mult_vuln_win01_oct11.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 75847 | Mozilla Multiple Product Multiple Tab Handling Keystroke Disclosure |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-10 01:16:04 |
|
| 2024-02-02 01:17:20 |
|
| 2024-02-01 12:05:05 |
|
| 2023-09-05 12:16:16 |
|
| 2023-09-05 01:04:57 |
|
| 2023-09-02 12:16:22 |
|
| 2023-09-02 01:05:03 |
|
| 2023-08-12 12:19:50 |
|
| 2023-08-12 01:05:04 |
|
| 2023-08-11 12:16:27 |
|
| 2023-08-11 01:05:13 |
|
| 2023-08-06 12:15:49 |
|
| 2023-08-06 01:05:04 |
|
| 2023-08-04 12:15:53 |
|
| 2023-08-04 01:05:04 |
|
| 2023-07-14 12:15:52 |
|
| 2023-07-14 01:05:02 |
|
| 2023-04-01 01:13:20 |
|
| 2023-03-29 01:17:45 |
|
| 2023-03-28 12:05:09 |
|
| 2022-10-11 12:14:09 |
|
| 2022-10-11 01:04:47 |
|
| 2021-05-04 12:17:43 |
|
| 2021-04-22 01:21:01 |
|
| 2020-10-14 01:07:06 |
|
| 2020-10-03 01:07:07 |
|
| 2020-05-29 01:06:34 |
|
| 2020-05-23 01:46:47 |
|
| 2020-05-23 00:31:16 |
|
| 2018-11-29 21:19:28 |
|
| 2018-01-18 12:04:22 |
|
| 2017-11-22 12:04:20 |
|
| 2017-11-21 12:03:31 |
|
| 2017-09-19 09:24:57 |
|
| 2016-06-28 18:51:27 |
|
| 2016-04-26 21:08:57 |
|
| 2014-02-17 11:05:33 |
|
| 2013-05-10 23:08:56 |
|
