• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Multiple Vendor Web Browser JavaScript Multiple Fields Key Filtering Vulnerability

Severity: MODERATE

Description:

Multiple web browsers are prone to a JavaScript key-filtering vulnerability because the browsers fail to securely handle keystroke input from users.

The issue occurs when multiple fields are embedded within a single label. These fields include:

- File fields
- Text fields

Other fields may also be affected.

This issue allows attackers to divert keystrokes from one input form in a webpage to a hidden file-upload dialog in the same page.

Exploiting this issue requires that users manually type sensitive data. This may require substantial typing from targeted users, so attackers will likely use keyboard-based games, blogs, or other similar pages to entice users to enter the required keyboard input.

Affected Products:

• Apple Mac OS X 10.2.0
• Apple Mac OS X 10.2.1
• Apple Mac OS X 10.2.2
• Apple Mac OS X 10.2.3
• Apple Mac OS X 10.2.4
• Apple Mac OS X 10.2.5
• Apple Mac OS X 10.2.6
• Apple Mac OS X 10.2.7
• Apple Mac OS X 10.2.8
• Apple Mac OS X Server 10.2.0
• Apple Mac OS X Server 10.2.1
• Apple Mac OS X Server 10.2.2
• Apple Mac OS X Server 10.2.3
• Apple Mac OS X Server 10.2.4
• Apple Mac OS X Server 10.2.5
• Apple Mac OS X Server 10.2.6
• Apple Mac OS X Server 10.2.7
• Apple Mac OS X Server 10.2.8
• Apple Safari 1.0.0
• Apple Safari 1.1.0
• Apple Safari 3 Beta
• Apple Safari 3 Beta for Windows
• Apple Safari 3.0.1 Beta
• Apple Safari 3.0.1 Beta for Windows
• Apple Safari 3.0.2 Beta
• Apple Safari 3.0.2 Beta for Windows
• Apple Safari 3.0.3 Beta
• Apple Safari 3.0.3 Beta for Windows
• Apple Safari 3.0.4 Beta for Windows
• Mozilla Firefox 1.5.0
• Mozilla Firefox 1.5.0 12
• Mozilla Firefox 1.5.0 beta 1
• Mozilla Firefox 1.5.0 beta 2
• Mozilla Firefox 1.5.0.1
• Mozilla Firefox 1.5.0.10
• Mozilla Firefox 1.5.0.11
• Mozilla Firefox 1.5.0.2
• Mozilla Firefox 1.5.0.2
• Mozilla Firefox 1.5.0.3
• Mozilla Firefox 1.5.0.4
• Mozilla Firefox 1.5.0.5
• Mozilla Firefox 1.5.0.6
• Mozilla Firefox 1.5.0.6
• Mozilla Firefox 1.5.0.7
• Mozilla Firefox 1.5.0.8
• Mozilla Firefox 1.5.0.8
• Mozilla Firefox 1.5.0.9
• Mozilla Firefox 2.0
• Mozilla Firefox 2.0 RC2
• Mozilla Firefox 2.0 RC3
• Mozilla Firefox 2.0 beta 1
• Mozilla Firefox 2.0.0.1
• Mozilla Firefox 2.0.0.10
• Mozilla Firefox 2.0.0.10
• Mozilla Firefox 2.0.0.11
• Mozilla Firefox 2.0.0.2
• Mozilla Firefox 2.0.0.3
• Mozilla Firefox 2.0.0.3
• Mozilla Firefox 2.0.0.4
• Mozilla Firefox 2.0.0.5
• Mozilla Firefox 2.0.0.6
• Mozilla Firefox 2.0.0.7
• Mozilla Firefox 2.0.0.8
• Mozilla Firefox 2.0.0.9
• Netscape Navigator 9.0.0.4

References:

• Apple: Safari Homepage
• Carl Hardwick: Firefox 2.0.0.11 File Focus Stealing vulnerability
• Mozilla Foundation: Mozilla Homepage
• Netscape: Netscape Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.