Vulnerability Details : CVE-2011-3866
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.
Exploit prediction scoring system (EPSS) score for CVE-2011-3866
Probability of exploitation activity in the next 30 days: 0.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~61%
CVSS scores for CVE-2011-3866
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2011-3866
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3866
- https://bugzilla.mozilla.org/show_bug.cgi?id=682562
  Access Denied (Issue Tracking; Vendor Advisory)
- http://www.mozilla.org/security/announce/2011/mfsa2011-45.html
  Inferring keystrokes from motion data — Mozilla (Vendor Advisory)
- http://www.usenix.org/events/hotsec11/tech/tech.html#Cai
  HotSec '11 Workshop Sessions (Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13954
  Repository / Oval Repository (Third Party Advisory)
Products affected by CVE-2011-3866
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*