CVE-2014-1480

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.

Published: Feb 6, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-1480
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-1021

Affected Software
References

Software	From	Fixed in
suse / linux_enterprise_desktop	11-sp3	11-sp3.x
suse / linux_enterprise_server	11-sp3	11-sp3.x
opensuse / opensuse	12.3	12.3.x
suse / linux_enterprise_software_development_kit	11-sp3	11-sp3.x
opensuse / opensuse	11.4	11.4.x
opensuse / opensuse	13.1	13.1.x
oracle / solaris	11.3	11.3.x
canonical / ubuntu_linux	13.10	13.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
mozilla / seamonkey	-	2.24
mozilla / firefox	-	27.0

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://osvdb.org/102867
http://secunia.com/advisories/56888
http://www.mozilla.org/security/announce/2014/mfsa2014-03.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/65331
http://www.securitytracker.com/id/1029717
http://www.securitytracker.com/id/1029720
http://www.ubuntu.com/usn/USN-2102-1
http://www.ubuntu.com/usn/USN-2102-2
https://bugzilla.mozilla.org/show_bug.cgi?id=916726
https://exchange.xforce.ibmcloud.com/vulnerabilities/90897
https://security.gentoo.org/glsa/201504-01

Vulnerability Database

289,599

CVE-2014-1480