385629 – <www-client/firefox{-bin}, www-client/seamonkey{-bin}, www-client/thunderbird{-bin}: Code installation through holding down Enter (CVE-2011-2372)

Bug 385629 - <www-client/firefox{-bin}, www-client/seamonkey{-bin}, www-client/thunderbird{-bin}: Code installation through holding down Enter (CVE-2011-2372)

Summary: <www-client/firefox{-bin}, www-client/seamonkey{-bin}, www-client/thunderbird...

Status:	RESOLVED DUPLICATE of bug 381245

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-10-04 17:42 UTC by Michael Harrison
Modified:	2011-10-04 22:24 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Harrison 2011-10-04 17:42:10 UTC

Reported that if you could convince a user to hold down the Enter key--as part of a game or test, perhaps--a malicious page could pop up a download dialog where the held key would then activate the default Open action. For some file types this would be merely annoying (the equivalent of a pop-up) but other file types have powerful scripting capabilities. And this would provide an avenue for an attacker to exploit a vulnerability in applications not normally exposed to potentially hostile internet content.

Comment 1 Agostino Sarubbo gentoo-dev

2011-10-04 22:24:07 UTC


*** This bug has been marked as a duplicate of bug 381245 ***