CVE-2014-1480 Information

Description

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks and trigger unintended launching of a downloaded file via a crafted web site.

Reference

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://osvdb.org/102867
http://secunia.com/advisories/56888
http://www.mozilla.org/security/announce/2014/mfsa2014-03.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/65331
http://www.securitytracker.com/id/1029717
http://www.securitytracker.com/id/1029720
http://www.ubuntu.com/usn/USN-2102-1
http://www.ubuntu.com/usn/USN-2102-2
https://bugzilla.mozilla.org/show_bug.cgi?id=916726
https://exchange.xforce.ibmcloud.com/vulnerabilities/90897
https://security.gentoo.org/glsa/201504-01
