Your submission was sent successfully! Close

CVE-2010-1125

Published: 26 March 2010

The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream Needed

xulrunner-1.9
Launchpad, Ubuntu, Debian
Upstream Needed

xulrunner-1.9.1
Launchpad, Ubuntu, Debian
Upstream Needed

xulrunner-1.9.2
Launchpad, Ubuntu, Debian
Upstream Needed

Notes

AuthorNote
jdstrand
CVEs in Firefox are tracked in the xulrunner source packages. The
mapping of xulrunner sources to firefox is:
xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
xulrunner-1.9: firefox-3.0
xulrunner-1.9.1: firefox-3.5
Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not
the system xulrunner-1.9.2, so it is tracked in the firefox source package.

References