The file-download implementation in Mozilla Firefox prior to 27.0 and SeaMonkey prior to 2.24 does not properly restrict the timing of button selections, which allows remote malicious users to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
suse linux enterprise desktop 11 |
||
suse linux enterprise server 11 |
||
opensuse opensuse 12.3 |
||
suse linux enterprise software development kit 11 |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 13.1 |
||
oracle solaris 11.3 |
||
canonical ubuntu linux 13.10 |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 12.04 |
||
mozilla seamonkey |
||
mozilla firefox |