CVE-2014-1480

Mozilla Firefox <27.0 & SeaMonkey <2.24 - CSRF

Description

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.

References (15)

Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029717
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029720
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2102-2
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/56888
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90897
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/102867
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=916726
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2102-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65331

Scores

EPSS 0.0052
EPSS Percentile 67.0%

Details

CWE
CWE-1021
Status published
Products (12)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.10
mozilla/firefox < 27.0
mozilla/seamonkey < 2.24
opensuse/opensuse 11.4
opensuse/opensuse 12.3
opensuse/opensuse 13.1
oracle/solaris 11.3
suse/linux_enterprise_desktop 11 sp3
... and 2 more
Published Feb 06, 2014
Tracked Since Feb 18, 2026