CVE-2011-3866

Mozilla Firefox <7.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.

References (4)

Core 4
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=682562
Third Party Advisory x_refsource_misc
http://www.usenix.org/events/hotsec11/tech/tech.html#Cai

Scores

EPSS 0.0137
EPSS Percentile 68.8%

Details

CWE
CWE-264
Status published
Products (2)
mozilla/firefox < 7.0
mozilla/seamonkey < 2.4
Published Sep 29, 2011
Tracked Since Feb 18, 2026