There is a vulnerability the way Mozilla handles script-generated events that could allow a remote, unauthenticated attacker to access data contained on the victim's clipboard.
By convincing a victim to view a malicious web page, a remote, unauthenticated attacker could perform read/write operations to the victim's clipboard. Since users may copy/paste usernames, passwords, or potentially other sensitive information to the clipboard, the attacker could gain access to this information.
Upgrade as specified by your vendor. This issue has been resolved in Mozilla 1.7.3, Firefox Preview Release, and Thunderbird 0.8.
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Vendor has issued information
__ Sort by: Status Alphabetical
Updated: September 17, 2004
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Group | Score | Vector
Base | |
Temporal | |
Environmental | |
This vulnerability was reported by Wladimir Palant.
This document was written by Damon Morda.
CVE IDs: | None
Severity Metric: | 16.88
Date Public: | 2004-08-31
Date First Published: | 2004-09-17
Date Last Updated: | 2004-09-17 20:14 UTC
Document Revision: | 19