CVE-2011-3866

Priority
Medium
Description
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly
restrict availability of motion data events, which makes it easier for
remote attackers to read keystrokes by leveraging JavaScript code running
in a background tab.
References
Bugs
Notes
jdstrand> does not affect firefox 3.6
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.04 (Raring Ringtail):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (7.0.1+build1+nobinonly-0ubuntu1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (7.0.1+build1+nobinonly-0ubuntu1)
Ubuntu 13.04 (Raring Ringtail):not-affected (7.0.1+build1+nobinonly-0ubuntu1)
Ubuntu 13.10 (Saucy Salamander):not-affected (7.0.1+build1+nobinonly-0ubuntu1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (7.0.1+build1+nobinonly-0ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2013-12-20 21:16:48 UTC (commit 7585)