The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.
Product(s) | Fixed package version(s) | References |
SUSE LINUX 10.0 |
mozilla >= 1.8_seamonkey_1.0.9-2.7 mozilla-calendar >= 1.8_seamonkey_1.0.9-2.7 mozilla-devel >= 1.8_seamonkey_1.0.9-2.7 mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-2.7 mozilla-irc >= 1.8_seamonkey_1.0.9-2.7 mozilla-ko >= 1.75-3.5 mozilla-mail >= 1.8_seamonkey_1.0.9-2.7 mozilla-spellchecker >= 1.8_seamonkey_1.0.9-2.7 mozilla-venkman >= 1.8_seamonkey_1.0.9-2.7 mozilla-zh-CN >= 1.7-6.5 mozilla-zh-TW >= 1.7-6.5
| |
SUSE LINUX Retail Solution 8 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Enterprise Server 8 for IBM zSeries SuSE Linux Enterprise Server 8 for IPF SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0 |
mozilla >= 1.8_seamonkey_1.0.9-0.14 mozilla-calendar >= 1.8_seamonkey_1.0.9-0.14 mozilla-devel >= 1.8_seamonkey_1.0.9-0.14 mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-0.14 mozilla-irc >= 1.8_seamonkey_1.0.9-0.14 mozilla-mail >= 1.8_seamonkey_1.0.9-0.14 mozilla-spellchecker >= 1.8_seamonkey_1.0.9-0.14 mozilla-venkman >= 1.8_seamonkey_1.0.9-0.14 mozilla-xmlterm >= 1.8_seamonkey_1.0.9-0.14
|
slrs8.x86 ul1.s390 YOU Patch Nr: 11935 |
SUSE LINUX 10.1 |
seamonkey >= 1.0.9-1.5 seamonkey-calendar >= 1.0.9-1.5 seamonkey-dom-inspector >= 1.0.9-1.5 seamonkey-irc >= 1.0.9-1.5 seamonkey-mail >= 1.0.9-1.5 seamonkey-spellchecker >= 1.0.9-1.5 seamonkey-venkman >= 1.0.9-1.5
| |
Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64 |
MozillaFirefox >= 1.5.0.12-0.5 MozillaFirefox-translations >= 1.5.0.12-0.5
|
Builds YOU Patch Nr: 11927 |
SUSE LINUX 10.1 |
MozillaFirefox >= 2.0.0.8-1.2 MozillaFirefox-translations >= 2.0.0.8-1.2
| |
Novell Linux Desktop 9 for x86 |
mozilla >= 1.8_seamonkey_1.0.9-1.6 mozilla-cs >= 1.8_seamonkey_1.0.4-0.7 mozilla-deat >= 1.8_seamonkey_1.0.4-0.7 mozilla-devel >= 1.8_seamonkey_1.0.9-1.6 mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.6 mozilla-hu >= 1.80_seamonkey_1.0.4-5 mozilla-irc >= 1.8_seamonkey_1.0.9-1.6 mozilla-mail >= 1.8_seamonkey_1.0.9-1.6 mozilla-venkman >= 1.8_seamonkey_1.0.9-1.6
|
sles9-nld.x86-64 sles9-nld.x86 core9.x86 core9.s390 YOU Patch Nr: 11944 |
Novell Linux Desktop 9 for x86_64 |
mozilla >= 1.8_seamonkey_1.0.9-1.6 mozilla-cs >= 1.8_seamonkey_1.0.4-0.7 mozilla-deat >= 1.8_seamonkey_1.0.4-0.7 mozilla-devel >= 1.8_seamonkey_1.0.9-1.6 mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.6 mozilla-hu >= 1.80_seamonkey_1.0.4-5 mozilla-irc >= 1.8_seamonkey_1.0.9-1.6 mozilla-lib64 >= 1.8_seamonkey_1.0.9-0.2 mozilla-mail >= 1.8_seamonkey_1.0.9-1.6 mozilla-venkman >= 1.8_seamonkey_1.0.9-1.6
|
sles9-nld.x86-64 sles9-nld.x86 core9.x86 core9.s390 YOU Patch Nr: 11944 |
Open Enterprise Server |
mozilla >= 1.8_seamonkey_1.0.9-1.6 mozilla-calendar >= 1.8_seamonkey_1.0.9-1.6 mozilla-cs >= 1.8_seamonkey_1.0.4-0.7 mozilla-deat >= 1.8_seamonkey_1.0.4-0.7 mozilla-devel >= 1.8_seamonkey_1.0.9-1.6 mozilla-dom-inspector >= 1.8_seamonkey_1.0.9-1.6 mozilla-hu >= 1.80_seamonkey_1.0.4-5 mozilla-irc >= 1.8_seamonkey_1.0.9-1.6 mozilla-mail >= 1.8_seamonkey_1.0.9-1.6 mozilla-venkman >= 1.8_seamonkey_1.0.9-1.6
|
sles9-nld.x86-64 sles9-nld.x86 core9.x86 core9.s390 YOU Patch Nr: 11944 |
SUSE LINUX 10.0 |
MozillaFirefox >= 2.0.0.8-1.1 MozillaFirefox-translations >= 2.0.0.8-1.1
| |