Search for vulnerabilities
| Vulnerability ID | VCID-r8vx-y8mz-hqcu |
| Aliases |
CVE-2011-3663
|
| Summary | Security researcher Mario Heiderich reported it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. Since web pages can normally detect key events through script and most users have scripting enabled this does not present a risk for most users. In contexts where the user knows scripting is disabled (reading mail, for example, or NoScript users) this could allow a malicious web page to fool a user into interacting with a prompt thinking it came from the browser or mail program. Accessing remote content is disabled by default When reading mail in Thunderbird and SeaMonkey. Successfully capturing keystrokes remotely would require some social engineering to convince the user to turn it on. SVG animation is not supported in Thunderbird 3.1 or Firefox 3.6. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| epss | 0.00961 | https://api.first.org/data/v1/epss?cve=CVE-2011-3663 |
| generic_textual | none | https://www.mozilla.org/en-US/security/advisories/mfsa2011-56 |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3663.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2011-3663 | ||
| 770676 | https://bugzilla.redhat.com/show_bug.cgi?id=770676 | |
| CVE-2011-3663 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3663 | |
| GLSA-201301-01 | https://security.gentoo.org/glsa/201301-01 | |
| mfsa2011-56 | https://www.mozilla.org/en-US/security/advisories/mfsa2011-56 | |
| USN-1306-1 | https://usn.ubuntu.com/1306-1/ | |
| USN-1343-1 | https://usn.ubuntu.com/1343-1/ |
| Percentile | 0.76787 |
| EPSS Score | 0.00961 |
| Published At | May 29, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-29T08:27:53.348002+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2011/mfsa2011-56.md | 38.6.0 |