MFSA 2008-02 [1]: Security researchers hong and Gregory Fleisher each reported a variant on earlier reported bugs regarding focus shifting in file input controls. Their variants used file input controls nested inside <label> tags to take advantage of automatic focus shifting into the file input field noted on the Hacker WebZine. As with the earlier reported issues this issue could be used to force a user to upload arbitrary files assuming the attacker knows the full path and name of the file. These bugs are variations on earlier problems reported by Charles McAuley and Michal Zalewski which were fixed in Firefox 2.0.0.4, as well as an issue reported by hong which was fixed in Firefox 2.0.0.8. Gregory Fleisher also submitted a series of demonstrations of different ways to lure a user to place focus into the file input control manually. These demonstrations included "focus spoofing" by selectively capturing keystrokes and placing the captured characters where the user thinks the focus should be. [1] http://www.mozilla.org/security/announce/2008/mfsa2008-02.html Fixed upstream in firefox 2.0.0.12 and seamonkey 1.1.8.
seamonkey-1.1.8-1.fc7 has been submitted as an update for Fedora 7
seamonkey-1.1.8-1.fc8 has been submitted as an update for Fedora 8
blam-1.8.3-13.fc8,chmsee-1.0.0-1.28.fc8,devhelp-0.16.1-5.fc8,epiphany-2.20.2-3.fc8,epiphany-extensions-2.20.1-5.fc8,firefox-2.0.0.12-1.fc8,galeon-2.0.4-1.fc8.2,gnome-python2-extras-2.19.1-12.fc8,gnome-web-photo-0.3-8.fc8,gtkmozembedmm-1.4.2.cvs20060817-18.fc8,kazehakase-0.5.2-1.fc8.2,liferea-1.4.11-2.fc8,Miro-1.1-3.fc8,openvrml-0.17.5-2.fc8,ruby-gnome2-0.16.0-20.fc8,yelp-2.20.0-7.fc8 has been submitted as an update for Fedora 8
chmsee-1.0.0-1.28.fc7,devhelp-0.13-13.fc7,epiphany-2.18.3-6.fc7,epiphany-extensions-2.18.3-7,firefox-2.0.0.12-1.fc7,galeon-2.0.3-15.fc7,gnome-python2-extras-2.14.3-8.fc7,gtkmozembedmm-1.4.2.cvs20060817-15.fc7,kazehakase-0.5.2-1.fc7.2,liferea-1.4.9-2.fc7,Miro-1.1-3.fc7,openvrml-0.16.7-3.fc7,ruby-gnome2-0.16.0-21.fc7,yelp-2.18.1-9.fc7 has been submitted as an update for Fedora 7
chmsee-1.0.0-1.28.fc7, devhelp-0.13-13.fc7, epiphany-extensions-2.18.3-7, firefox-2.0.0.12-1.fc7, gtkmozembedmm-1.4.2.cvs20060817-15.fc7, gnome-python2-extras-2.14.3-8.fc7, galeon-2.0.3-15.fc7, ruby-gnome2-0.16.0-21.fc7, epiphany-2.18.3-6.fc7, kazehakase-0.5.2-1.fc7.2, liferea-1.4.9-2.fc7, yelp-2.18.1-9.fc7, Miro-1.1-3.fc7, openvrml-0.16.7-3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
seamonkey-1.1.8-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
blam-1.8.3-13.fc8, chmsee-1.0.0-1.28.fc8, devhelp-0.16.1-5.fc8, epiphany-2.20.2-3.fc8, epiphany-extensions-2.20.1-5.fc8, firefox-2.0.0.12-1.fc8, galeon-2.0.4-1.fc8.2, gnome-python2-extras-2.19.1-12.fc8, gnome-web-photo-0.3-8.fc8, gtkmozembedmm-1.4.2.cvs20060817-18.fc8, kazehakase-0.5.2-1.fc8.2, liferea-1.4.11-2.fc8, Miro-1.1-3.fc8, openvrml-0.17.5-2.fc8, ruby-gnome2-0.16.0-20.fc8, yelp-2.20.0-7.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
seamonkey-1.1.8-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This was fixed in RHSA-2008:0208. I'm not sure why it wasn't noted at that time. The patch is included in the seamonkey SRPM. I've added the CVE ID to the advisory.