header-logo
Suggest Exploit
vendor:
Firefox
by:
Unknown
N/A
CVSS
N/A
JavaScript key-filtering vulnerability
Unknown
CWE
Product Name: Firefox
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Firefox 2.0.0.11 File Focus Stealing vulnerability

The browsers fail to securely handle keystroke input from users, allowing attackers to steal focus and potentially capture sensitive data entered by the user. Exploiting this issue requires that users manually type sensitive data, which can be done through keyboard-based games, blogs, or other similar pages.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26669/info

Multiple web browsers are prone to a JavaScript key-filtering vulnerability because the browsers fail to securely handle keystroke input from users.

Exploiting this issue requires that users manually type sensitive data. This may require substantial typing from targeted users, so attackers will likely use keyboard-based games, blogs, or other similar pages to entice users to enter the required keyboard input. 

<html>
<title>Firefox 2.0.0.11 File Focus Stealing vulnerability</title>
<body>
<form>
<label>
<input type="file" name="foo" />
<br>
<input type="text" name="bar"  />
</label>
</body>
</html>

Navigation

Suggest Exploit

Services By CQR