Mozilla onkeypress Function XPI Installation Weakness

Medium

Synopsis

The remote host may be tricked into running an executable file.

Description

The remote host is running a version of the Mozilla browser that contains an improper implementation of the onkeypress function for the space bar. As a result, a single keypress may be used for multiple confirmations, potentially allowing the installation of a malicious XPI on the client to be confirmed.

Solution

Upgrade to the latest version of Mozilla.