CVE-2010-1125

NameCVE-2010-1125
DescriptionThe JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xulrunnersource(unstable)(not affected)

Notes

- xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
Description is wrong, only affects Firefox 3.6 per https://bugzilla.mozilla.org/show_bug.cgi?id=552255

Search for package or bug name: Reporting problems