PT-2014-1140 · Mozilla+2 · Firefox+3

Published

2014-02-04

Updated

2024-12-12

CVE-2014-1480

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 27.0 SeaMonkey versions prior to 2.24

Description The issue is related to a flaw in the file-download implementation, which does not properly restrict the timing of button selections. This allows remote attackers to conduct clickjacking attacks and trigger the unintended launching of a downloaded file via a crafted web site. The vulnerability can be exploited by remote attackers to substitute the interface/cursor and cause the unintended launch of a downloaded file using a specially formed web site.

Recommendations For Mozilla Firefox versions prior to 27.0, update to version 27.0 or later to resolve the issue. For SeaMonkey versions prior to 2.24, update to version 2.24 or later to resolve the issue.

Exploit

Fix

RCE

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-1021

Related Identifiers

ALT-PU-2014-1211

ALT-PU-2014-1266

BDU:2014-00238

BDU:2014-00239

CVE-2014-1480

MGASA-2014-0048

OPENSUSE-SU-2014_0419-1

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

Affected Products

Alt Linux

Firefox

Seamonkey

Suse

PT-2014-1140 · Mozilla+2 · Firefox+3

CVE-2014-1480

Weakness Enumeration

Related Identifiers

Affected Products

References · 3110