The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the “for” attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.
archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html
archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
osvdb.org/37994
secunia.com/advisories/25904
secunia.com/advisories/27276
secunia.com/advisories/27298
secunia.com/advisories/27325
secunia.com/advisories/27327
secunia.com/advisories/27335
secunia.com/advisories/27336
secunia.com/advisories/27356
secunia.com/advisories/27383
secunia.com/advisories/27387
secunia.com/advisories/27403
secunia.com/advisories/27414
secunia.com/advisories/27425
secunia.com/advisories/27480
secunia.com/advisories/27680
securitytracker.com/id?1018837
sla.ckers.org/forum/read.php?3%2C13142
sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
www.debian.org/security/2007/dsa-1392
www.debian.org/security/2007/dsa-1396
www.debian.org/security/2007/dsa-1401
www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
www.mozilla.org/security/announce/2007/mfsa2007-32.html
www.novell.com/linux/security/advisories/2007_57_mozilla.html
www.redhat.com/support/errata/RHSA-2007-0979.html
www.redhat.com/support/errata/RHSA-2007-0980.html
www.redhat.com/support/errata/RHSA-2007-0981.html
www.securityfocus.com/archive/1/482876/100/200/threaded
www.securityfocus.com/archive/1/482925/100/0/threaded
www.securityfocus.com/archive/1/482932/100/200/threaded
www.securityfocus.com/bid/24725
www.ubuntu.com/usn/usn-536-1
www.vupen.com/english/advisories/2007/3544
www.vupen.com/english/advisories/2007/3587
www.vupen.com/english/advisories/2008/0083
yathong.googlepages.com/FirefoxFocusBug.html
exchange.xforce.ibmcloud.com/vulnerabilities/35299
issues.rpath.com/browse/RPL-1858
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763
usn.ubuntu.com/535-1/
www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html