Mozilla Foundation Security Advisory 2011-45
Title: Inferring keystrokes from motion data
Announced: September 27, 2011
Products: Firefox, SeaMonkey
Fixed in: Firefox 7.0
University of California, Davis researchers Liang Cai and Hao Chen presented a paper at the 2011 USENIX HotSec workshop on inferring keystrokes from device motion data on mobile devices. Web pages can now receive data similar to the apps studied in that paper and likely present a similar risk. We have decided to limit motion data events to the currently-active tab to prevent the possibility of background tabs attempting to decipher keystrokes the user is entering into the foreground tab.