CVE-2014-1480

Sažetak

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.

Reference

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://osvdb.org/102867
http://secunia.com/advisories/56888
http://www.mozilla.org/security/announce/2014/mfsa2014-03.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/65331
http://www.securitytracker.com/id/1029717
http://www.securitytracker.com/id/1029720
http://www.ubuntu.com/usn/USN-2102-1
http://www.ubuntu.com/usn/USN-2102-2
https://bugzilla.mozilla.org/show_bug.cgi?id=916726
https://exchange.xforce.ibmcloud.com/vulnerabilities/90897
https://security.gentoo.org/glsa/201504-01

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

21-08-2020 - 18:40

Objavljeno

06-02-2014 - 05:44