Package: iceweasel Version: 2.0.0.6-0etch1 Severity: important Tags: security
Hi, CVE-2007-3511[0]: The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12 and 2.0.0.4 allows remote attackers to change field focus and copy keystrokes via JavaScript, as demonstrated by changing focus from a textarea to a file upload field. There is an example for this vulnerability on: http://yathong.googlepages.com/FirefoxFocusBug.html If you fix this bug please include the CVE id in the changelogs. Kind regards Nico [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3511 -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgps39CFBC6U4.pgp
Description: PGP signature
