Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27081
HistoryOct 01, 2011 - 12:00 a.m.

Mozilla Foundation Security Advisory 2011-45

2011-10-0100:00:00
vulners.com
20
JSON

Mozilla Foundation Security Advisory 2011-45

Title: Inferring keystrokes from motion data
Impact: Moderate
Announced: September 27, 2011
Products: Firefox, SeaMonkey

Fixed in: Firefox 7.0
SeaMonkey 2.4
Description

University of California, Davis researchers Liang Cai and Hao Chen presented a paper at the 2011 USENIX HotSec workshop on inferring keystrokes from device motion data on mobile devices. Web pages can now receive data similar to the apps studied in that paper and likely present a similar risk. We have decided to limit motion data events to the currently-active tab to prevent the possibility of background tabs attempting to decipher keystrokes the user is entering into the foreground tab.

References

Restrict DeviceMotion to the active document
HotSec '11 Workshop Sessions, "TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion"

JSON