CVE-2011-3866

Published: Sep 29, 2011Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.

Affected (2)

Products: Mozilla: Firefox, Seamonkey

Mozilla

2 products

Firefox

Seamonkey

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 7.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Seamonkey	Before 2.4

Related CWEs

CWE-264

References (8)

http://www.mozilla.org/security/announce/2011/mfsa2011-45.html

Source: cve@mitre.org

Vendor Advisory

http://www.usenix.org/events/hotsec11/tech/tech.html#Cai

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=682562

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13954

Source: cve@mitre.org

Third Party Advisory

http://www.mozilla.org/security/announce/2011/mfsa2011-45.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.usenix.org/events/hotsec11/tech/tech.html#Cai

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=682562

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13954

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.