Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2014-1480
Description:The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.
Test IDs: 1.3.6.1.4.1.25623.1.0.850809   1.3.6.1.4.1.25623.1.0.850949   1.3.6.1.4.1.25623.1.1.4.2014.0248.1   1.3.6.1.4.1.25623.1.1.4.2014.0248.2  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-1480
BugTraq ID: 65331
http://www.securityfocus.com/bid/65331
https://security.gentoo.org/glsa/201504-01
http://osvdb.org/102867
http://www.securitytracker.com/id/1029717
http://www.securitytracker.com/id/1029720
http://secunia.com/advisories/56888
SuSE Security Announcement: SUSE-SU-2014:0248 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html
SuSE Security Announcement: openSUSE-SU-2014:0212 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
SuSE Security Announcement: openSUSE-SU-2014:0419 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
http://www.ubuntu.com/usn/USN-2102-1
http://www.ubuntu.com/usn/USN-2102-2
XForce ISS Database: firefox-cve20141480-spoofing(90897)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90897




© 1998-2024 E-Soft Inc. All rights reserved.