Lucene search

[email protected]CVE-2014-1480

HistoryFeb 06, 2014 - 5:44 a.m.

CVE-2014-1480

2014-02-0605:44:24

CWE-1021

[email protected]

web.nvd.nist.gov

mozilla

firefox

seamonkey

clickjacking

cve-2014-1480

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

JSON

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.

Affected configurations

NVD

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_serverMatch11sp3-

suselinux_enterprise_serverMatch11sp3vmware

suselinux_enterprise_software_development_kitMatch11sp3

Node

oraclesolarisMatch11.3

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.10

Node

mozillafirefoxRange<27.0

mozillaseamonkeyRange<2.24

CPENameOperatorVersion
opensuse:opensuseopensuseeq11.4
opensuse:opensuseopensuseeq12.3
opensuse:opensuseopensuseeq13.1
suse:linux_enterprise_desktopsuse linux enterprise desktopeq11
suse:linux_enterprise_serversuse linux enterprise servereq11
suse:linux_enterprise_software_development_kitsuse linux enterprise software development kiteq11

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	11.4
opensuse:opensuse	opensuse	eq	12.3
opensuse:opensuse	opensuse	eq	13.1
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	11
suse:linux_enterprise_server	suse linux enterprise server	eq	11
suse:linux_enterprise_software_development_kit	suse linux enterprise software development kit	eq	11