JVN/CVE Demo: Cveinfos

CVE

Id: 26868
CVE No.: CVE-2007-3511
Status: Candidate
Description: The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.
Phase: Assigned (20070702)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
274164	26868	CVE-2007-3511	BUGTRAQ:20071029 FLEA-2007-0062-1 firefox	View
274165	26868	CVE-2007-3511	URL:http://www.securityfocus.com/archive/1/archive/1/482925/100/0/threaded	View
274166	26868	CVE-2007-3511	BUGTRAQ:20071026 rPSA-2007-0225-1 firefox	View
274167	26868	CVE-2007-3511	URL:http://www.securityfocus.com/archive/1/archive/1/482876/100/200/threaded	View
274168	26868	CVE-2007-3511	BUGTRAQ:20071029 rPSA-2007-0225-2 firefox thunderbird	View
274169	26868	CVE-2007-3511	URL:http://www.securityfocus.com/archive/1/archive/1/482932/100/200/threaded	View
274170	26868	CVE-2007-3511	FULLDISC:20070630 New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities	View
274171	26868	CVE-2007-3511	URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html	View
274172	26868	CVE-2007-3511	FULLDISC:20070630 Re: New flaw found in Firefox 2.0.0.4: Firefox file input focus vulnerabilities	View
274173	26868	CVE-2007-3511	URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html	View
274174	26868	CVE-2007-3511	MISC:http://yathong.googlepages.com/FirefoxFocusBug.html	View
274175	26868	CVE-2007-3511	MISC:http://sla.ckers.org/forum/read.php?3,13142	View
274176	26868	CVE-2007-3511	CONFIRM:http://www.mozilla.org/security/announce/2007/mfsa2007-32.html	View
274177	26868	CVE-2007-3511	CONFIRM:https://issues.rpath.com/browse/RPL-1858	View
274178	26868	CVE-2007-3511	CONFIRM:http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html	View
274179	26868	CVE-2007-3511	DEBIAN:DSA-1396	View
274180	26868	CVE-2007-3511	URL:http://www.debian.org/security/2007/dsa-1396	View
274181	26868	CVE-2007-3511	DEBIAN:DSA-1401	View
274182	26868	CVE-2007-3511	URL:http://www.debian.org/security/2007/dsa-1401	View
274183	26868	CVE-2007-3511	DEBIAN:DSA-1392	View
274184	26868	CVE-2007-3511	URL:http://www.debian.org/security/2007/dsa-1392	View
274185	26868	CVE-2007-3511	FEDORA:FEDORA-2007-2601	View
274186	26868	CVE-2007-3511	URL:https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html	View
274187	26868	CVE-2007-3511	FEDORA:FEDORA-2007-2664	View
274188	26868	CVE-2007-3511	URL:https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html	View
274189	26868	CVE-2007-3511	FEDORA:FEDORA-2007-3431	View
274190	26868	CVE-2007-3511	URL:https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html	View
274191	26868	CVE-2007-3511	HP:HPSBUX02153	View
274192	26868	CVE-2007-3511	URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	View
274193	26868	CVE-2007-3511	HP:SSRT061181	View
274194	26868	CVE-2007-3511	URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	View
274195	26868	CVE-2007-3511	MANDRIVA:MDKSA-2007:202	View
274196	26868	CVE-2007-3511	URL:http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202	View
274197	26868	CVE-2007-3511	REDHAT:RHSA-2007:0979	View
274198	26868	CVE-2007-3511	URL:http://www.redhat.com/support/errata/RHSA-2007-0979.html	View
274199	26868	CVE-2007-3511	REDHAT:RHSA-2007:0980	View
274200	26868	CVE-2007-3511	URL:http://www.redhat.com/support/errata/RHSA-2007-0980.html	View
274201	26868	CVE-2007-3511	REDHAT:RHSA-2007:0981	View
274202	26868	CVE-2007-3511	URL:http://www.redhat.com/support/errata/RHSA-2007-0981.html	View
274203	26868	CVE-2007-3511	SUNALERT:201516	View
274204	26868	CVE-2007-3511	URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1	View
274205	26868	CVE-2007-3511	SUSE:SUSE-SA:2007:057	View
274206	26868	CVE-2007-3511	URL:http://www.novell.com/linux/security/advisories/2007_57_mozilla.html	View
274207	26868	CVE-2007-3511	UBUNTU:USN-535-1	View
274208	26868	CVE-2007-3511	URL:http://www.ubuntulinux.org/support/documentation/usn/usn-535-1	View
274209	26868	CVE-2007-3511	UBUNTU:USN-536-1	View
274210	26868	CVE-2007-3511	URL:http://www.ubuntu.com/usn/usn-536-1	View
274211	26868	CVE-2007-3511	BID:24725	View
274212	26868	CVE-2007-3511	URL:http://www.securityfocus.com/bid/24725	View
274213	26868	CVE-2007-3511	OSVDB:37994	View
274214	26868	CVE-2007-3511	URL:http://osvdb.org/37994	View
274215	26868	CVE-2007-3511	OVAL:oval:org.mitre.oval:def:9763	View
274216	26868	CVE-2007-3511	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9763	View
274217	26868	CVE-2007-3511	VUPEN:ADV-2007-3544	View
274218	26868	CVE-2007-3511	URL:http://www.vupen.com/english/advisories/2007/3544	View
274219	26868	CVE-2007-3511	VUPEN:ADV-2007-3587	View
274220	26868	CVE-2007-3511	URL:http://www.vupen.com/english/advisories/2007/3587	View
274221	26868	CVE-2007-3511	VUPEN:ADV-2008-0083	View
274222	26868	CVE-2007-3511	URL:http://www.vupen.com/english/advisories/2008/0083	View
274223	26868	CVE-2007-3511	SECTRACK:1018837	View
274224	26868	CVE-2007-3511	URL:http://securitytracker.com/id?1018837	View
274225	26868	CVE-2007-3511	SECUNIA:25904	View
274226	26868	CVE-2007-3511	URL:http://secunia.com/advisories/25904	View
274227	26868	CVE-2007-3511	SECUNIA:27276	View
274228	26868	CVE-2007-3511	URL:http://secunia.com/advisories/27276	View
274229	26868	CVE-2007-3511	SECUNIA:27325	View
274230	26868	CVE-2007-3511	URL:http://secunia.com/advisories/27325	View
274231	26868	CVE-2007-3511	SECUNIA:27327	View
274232	26868	CVE-2007-3511	URL:http://secunia.com/advisories/27327	View
274233	26868	CVE-2007-3511	SECUNIA:27335	View
274234	26868	CVE-2007-3511	URL:http://secunia.com/advisories/27335	View
274235	26868	CVE-2007-3511	SECUNIA:27356	View
274236	26868	CVE-2007-3511	URL:http://secunia.com/advisories/27356	View
274237	26868	CVE-2007-3511	SECUNIA:27383	View
274238	26868	CVE-2007-3511	URL:http://secunia.com/advisories/27383	View
274239	26868	CVE-2007-3511	SECUNIA:27425	View
274240	26868	CVE-2007-3511	URL:http://secunia.com/advisories/27425	View
274241	26868	CVE-2007-3511	SECUNIA:27403	View
274242	26868	CVE-2007-3511	URL:http://secunia.com/advisories/27403	View
274243	26868	CVE-2007-3511	SECUNIA:27480	View
274244	26868	CVE-2007-3511	URL:http://secunia.com/advisories/27480	View
274245	26868	CVE-2007-3511	SECUNIA:27387	View
274246	26868	CVE-2007-3511	URL:http://secunia.com/advisories/27387	View
274247	26868	CVE-2007-3511	SECUNIA:27298	View
274248	26868	CVE-2007-3511	URL:http://secunia.com/advisories/27298	View
274249	26868	CVE-2007-3511	SECUNIA:27336	View
274250	26868	CVE-2007-3511	URL:http://secunia.com/advisories/27336	View
274251	26868	CVE-2007-3511	SECUNIA:27414	View
274252	26868	CVE-2007-3511	URL:http://secunia.com/advisories/27414	View
274253	26868	CVE-2007-3511	SECUNIA:27680	View
274254	26868	CVE-2007-3511	URL:http://secunia.com/advisories/27680	View
274255	26868	CVE-2007-3511	XF:firefox-focus-security-bypass(35299)	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
52207	JVNDB-2007-000897	Linux Kernel の lcd_write() 関数におけるサービス運用妨害 (DoS) の脆弱性	Linux Kernel の drivers/usb/misc/usblcd.c には、lcd_write() 関数において、呼び出し元から使用されるメモリの量の制限を適切に処理しないために、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。	CVE-2007-3513	26868	4.9		http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000897.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.40 MB
View render complete	2.95 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.60
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	398.63
Event: Controller.beforeRender	5.09
» Processing toolbar data	4.99
Rendering View	26.42
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	25.32
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.59
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.12
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/26868
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/26868
Remote Port	62033
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.154
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.14.45
Http Via	1.1 squid-proxy-5b5d847c96-mw4wx (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.154
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.154
Unique Id	aJHpW-UPCodjd_EAegPlhQAAAY0
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.154
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.154
Redirect Unique Id	aJHpW-UPCodjd_EAegPlhQAAAY0
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.154
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.154
Redirect Redirect Unique Id	aJHpW-UPCodjd_EAegPlhQAAAY0
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1754392923.792
Request Time	1754392923

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files