Mozilla onkeypress Function XPI Installation Weakness (deprecated)
Medium Nessus Network Monitor Plugin ID 1317
SynopsisThe remote host may be tricked into running an executable file.
DescriptionThe remote host is running a version of the Mozilla browser that contains an improper implementation of the onekeypress function for the space bar. As such, it may be possible to use a single keypress for multiple conformation, potentially allowing for the confirmation of a malicious XPI to be installed into the client.
SolutionUpgrade to the latest version of Mozilla.