CVE-2014-1480
Last modified
CVE-2014-1480 is a vulnerability of currently unknown severity. The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.. EPSS estimates a 2.68% chance of exploitation in the next 30 days.
Description
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Opensuse | Opensuse | 11.4 | — |
| Opensuse | Opensuse | 12.3 | — |
| Opensuse | Opensuse | 13.1 | — |
| Suse | Linux Enterprise Desktop | 11 | Sp3 |
| Suse | Linux Enterprise Server | 11 | Sp3 |
| Suse | Linux Enterprise Software Development Kit | 11 | Sp3 |
| Oracle | Solaris | 11.3 | — |
| Canonical | Ubuntu Linux | 12.04 | — |
| Canonical | Ubuntu Linux | 12.10 | — |
| Canonical | Ubuntu Linux | 13.10 | — |
| Mozilla | Firefox | < 27.0 | — |
| Mozilla | Seamonkey | < 2.24 | — |
References
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.htmlMailing List, Third Party Advisory
- http://osvdb.org/102867Broken Link
- http://secunia.com/advisories/56888Broken Link
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
- http://www.securityfocus.com/bid/65331Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1029717Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1029720Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2102-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2102-2Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=916726Issue Tracking, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90897Third Party Advisory, VDB Entry
- https://security.gentoo.org/glsa/201504-01Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.htmlMailing List, Third Party Advisory
- http://osvdb.org/102867Broken Link
- http://secunia.com/advisories/56888Broken Link
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
- http://www.securityfocus.com/bid/65331Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1029717Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1029720Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2102-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2102-2Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=916726Issue Tracking, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90897Third Party Advisory, VDB Entry
- https://security.gentoo.org/glsa/201504-01Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-1480?
How severe is CVE-2014-1480?
How do I fix CVE-2014-1480?
Are you affected by CVE-2014-1480?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST