You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2011-45

Mozilla Foundation Security Advisory 2011-45

Title: Inferring keystrokes from motion data
Impact: Moderate
Announced: September 27, 2011
Products: Firefox, SeaMonkey

Fixed in: Firefox 7.0
  SeaMonkey 2.4


University of California, Davis researchers Liang Cai and Hao Chen presented a paper at the 2011 USENIX HotSec workshop on inferring keystrokes from device motion data on mobile devices. Web pages can now receive data similar to the apps studied in that paper and likely present a similar risk. We have decided to limit motion data events to the currently-active tab to prevent the possibility of background tabs attempting to decipher keystrokes the user is entering into the foreground tab.