| Name | CVE-2010-1125 |
| Description | The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| xulrunner | source | (unstable) | (not affected) |
- xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
Description is wrong, only affects Firefox 3.6 per https://bugzilla.mozilla.org/show_bug.cgi?id=552255