Delay following click events in file download dialog too short on OS X

Related Vulnerabilities: CVE-2016-1941  

Mozilla Foundation Security Advisory 2016-08

Announced: January 26, 2016
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox
Fixed in: Firefox 44

Description

Security researcher Jordi Chancel reported an issue on OS X where the delay between the download dialog getting focus and the button getting enabled was too short. If an attacker is able to induce the user to double-click in a specific location, they can then pass the second click through to the dialog below, leading to unintentional actions such as the running of downloaded software.

This issue only affects OS X installations. Windows, Linux, and Android installations are unaffected by it.
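
The following is an added example, not Firefox's code and not part of the advisory: a minimal model of the focus-to-enable delay described above, replaying a double-click against a short and a longer delay. The class and function names and all millisecond values are constructed for illustration.

```javascript
// Added illustration; not Firefox source. Names and millisecond values are constructed.
class GuardedDialog {
  constructor(enableDelayMs) {
    this.enableDelayMs = enableDelayMs; // time the accept button stays disabled after focus
    this.focusedAt = null;              // timestamp at which the dialog gained focus
  }

  // Gaining focus starts the delay; the accept button is disabled until it elapses.
  onFocus(nowMs) {
    this.focusedAt = nowMs;
  }

  acceptEnabled(nowMs) {
    return this.focusedAt !== null && nowMs - this.focusedAt >= this.enableDelayMs;
  }

  // Returns true only if the click activated the accept button.
  onAcceptClick(nowMs) {
    return this.acceptEnabled(nowMs);
  }
}

// Replays one double-click on a simulated clock. The first click (t = 0) lands on
// the page, the dialog takes focus dialogFocusLagMs later, and the second click
// arrives clickGapMs after the first. A deliberate click follows well after the delay.
function replayDoubleClick(enableDelayMs, clickGapMs, dialogFocusLagMs) {
  const dialog = new GuardedDialog(enableDelayMs);
  dialog.onFocus(dialogFocusLagMs);
  const secondClickAccepted = dialog.onAcceptClick(clickGapMs);
  const deliberateClickAccepted =
    dialog.onAcceptClick(dialogFocusLagMs + enableDelayMs + 500);
  return { secondClickAccepted, deliberateClickAccepted };
}

// Regression-style check: does any second click inside the platform's double-click
// interval reach the enabled button? The delay is adequate only if this is false.
function anyDoubleClickPassesThrough(enableDelayMs, maxDoubleClickMs, dialogFocusLagMs) {
  for (let gap = dialogFocusLagMs; gap <= maxDoubleClickMs; gap++) {
    if (replayDoubleClick(enableDelayMs, gap, dialogFocusLagMs).secondClickAccepted) {
      return true;
    }
  }
  return false;
}
```

The check makes the requirement explicit: the enable delay has to exceed the longest double-click interval the platform allows, while a deliberate click after the delay still works.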
