Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 385629 - <www-client/firefox{-bin}, www-client/seamonkey{-bin}, www-client/thunderbird{-bin}: Code installation through holding down Enter (CVE-2011-2372)
Summary: <www-client/firefox{-bin}, www-client/seamonkey{-bin}, www-client/thunderbird...
Status: RESOLVED DUPLICATE of bug 381245
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2011-10-04 17:42 UTC by Michael Harrison
Modified: 2011-10-04 22:24 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Michael Harrison 2011-10-04 17:42:10 UTC
Reported that if you could convince a user to hold down the Enter key--as part of a game or test, perhaps--a malicious page could pop up a download dialog where the held key would then activate the default Open action. For some file types this would be merely annoying (the equivalent of a pop-up) but other file types have powerful scripting capabilities. And this would provide an avenue for an attacker to exploit a vulnerability in applications not normally exposed to potentially hostile internet content.
Comment 1 Agostino Sarubbo gentoo-dev 2011-10-04 22:24:07 UTC

*** This bug has been marked as a duplicate of bug 381245 ***