CVE-2014-1480

Priority
Medium
Description
The file-download implementation in Mozilla Firefox before 27.0 and
SeaMonkey before 2.24 does not properly restrict the timing of button
selections, which allows remote attackers to conduct clickjacking attacks,
and trigger unintended launching of a downloaded file, via a crafted web
site.
References
Assigned-to
chrisccoulson
Package
Upstream:released (27.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (27.0+build1-0ubuntu0.12.04.1)
Ubuntu 12.10 (Quantal Quetzal):released (27.0+build1-0ubuntu0.12.10.1)
Ubuntu 13.10 (Saucy Salamander):released (27.0+build1-0ubuntu0.13.10.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2014-02-19 19:14:32 UTC (commit 7760)