Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 385629

Summary: <www-client/firefox{-bin}, www-client/seamonkey{-bin}, www-client/thunderbird{-bin}: Code installation through holding down Enter (CVE-2011-2372)
Product: Gentoo Security Reporter: Michael Harrison <n0idx80>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: major    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Michael Harrison 2011-10-04 17:42:10 UTC 
Reported that if you could convince a user to hold down the Enter key--as part of a game or test, perhaps--a malicious page could pop up a download dialog where the held key would then activate the default Open action. For some file types this would be merely annoying (the equivalent of a pop-up) but other file types have powerful scripting capabilities. And this would provide an avenue for an attacker to exploit a vulnerability in applications not normally exposed to potentially hostile internet content.
Comment 1 Agostino Sarubbo gentoo-dev 2011-10-04 22:24:07 UTC 

*** This bug has been marked as a duplicate of bug 381245 ***