CVE-2014-1480

NONECVSS 0.0

0.0

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.

🔗 References (30)

security@mozillahttp://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
security@mozillahttp://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
security@mozillahttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
security@mozillahttp://osvdb.org/102867
security@mozillahttp://secunia.com/advisories/56888
security@mozillahttp://www.mozilla.org/security/announce/2014/mfsa2014-03.html
security@mozillahttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
security@mozillahttp://www.securityfocus.com/bid/65331
security@mozillahttp://www.securitytracker.com/id/1029717
security@mozillahttp://www.securitytracker.com/id/1029720
security@mozillahttp://www.ubuntu.com/usn/USN-2102-1
security@mozillahttp://www.ubuntu.com/usn/USN-2102-2
security@mozillahttps://bugzilla.mozilla.org/show_bug.cgi?id=916726
security@mozillahttps://exchange.xforce.ibmcloud.com/vulnerabilities/90897
security@mozillahttps://security.gentoo.org/glsa/201504-01

Is Your Infrastructure Affected by CVE-2014-1480?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2014-1480

📅 Published

🔄 Last Modified

🔗 References (30)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2014-1480?