Mozilla onkeypress Function XPI Installation Weakness (deprecated)

Medium Nessus Network Monitor Plugin ID 1317


The remote host may be tricked into running an executable file.


The remote host is running a version of the Mozilla browser that contains an improper implementation of the onkeypress function for the space bar. As such, it may be possible to use a single keypress for multiple confirmations, potentially allowing the installation of a malicious XPI on the client to be confirmed.


Upgrade to the latest version of Mozilla.

Plugin Details

Severity: Medium

ID: 1317

File Name: 1317.prm

Family: SMTP Clients

Published: 2004/08/20

Modified: 2016/02/05

Dependencies: 1330

Risk Information

Risk Factor: Medium


Base Score: 5.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C


Base Score: 4.7

Temporal Score: 4.5


Temporal Vector: CVSS3#E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:mozilla

Reference Information

BID: 5762