1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
PublicDateAtUSN: 2014-02-05
Candidate: CVE-2014-1480
PublicDate: 2014-02-06
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1480
http://www.mozilla.org/security/announce/2014/mfsa2014-03.html
http://www.ubuntu.com/usn/usn-2102-1
Description:
The file-download implementation in Mozilla Firefox before 27.0 and
SeaMonkey before 2.24 does not properly restrict the timing of button
selections, which allows remote attackers to conduct clickjacking attacks,
and trigger unintended launching of a downloaded file, via a crafted web
site.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: chrisccoulson
Patches_firefox:
upstream_firefox: released (27.0)
lucid_firefox: ignored (reached end-of-life)
precise_firefox: released (27.0+build1-0ubuntu0.12.04.1)
quantal_firefox: released (27.0+build1-0ubuntu0.12.10.1)
saucy_firefox: released (27.0+build1-0ubuntu0.13.10.1)
devel_firefox: not-affected
|