PT-2014-1140 · Mozilla+2 · Firefox+3

Publicado

2014-02-04

Atualizado

2024-12-12

CVE-2014-1480

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 27.0 SeaMonkey versions prior to 2.24

Description The issue is related to a flaw in the file-download implementation, which does not properly restrict the timing of button selections. This allows remote attackers to conduct clickjacking attacks and trigger the unintended launching of a downloaded file via a crafted web site. The vulnerability can be exploited by remote attackers to substitute the interface/cursor and cause the unintended launch of a downloaded file using a specially formed web site.

Recommendations For Mozilla Firefox versions prior to 27.0, update to version 27.0 or later to resolve the issue. For SeaMonkey versions prior to 2.24, update to version 2.24 or later to resolve the issue.

Exploit

Correção

RCE

Clickjacking

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-1021

Identificadores relacionados

ALT-PU-2014-1211

ALT-PU-2014-1266

BDU:2014-00238

BDU:2014-00239

CVE-2014-1480

MGASA-2014-0048

OPENSUSE-SU-2014_0419-1

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

Produtos afetados

Alt Linux

Firefox

Seamonkey

Suse

PT-2014-1140 · Mozilla+2 · Firefox+3

CVE-2014-1480

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3110