CVE-2014-1480

CVE Database · CVE-2014-1480

CVE-2014-1480

· N/AModified

CVSS v3.1

N/A

EPSS

2.68%

Published

Feb 6, 2014

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.

Weaknesses (CWE)

CWE-1021

Affected Products (13)

opensuse · opensusevulnerable

suse · linux_enterprise_desktopvulnerable

suse · linux_enterprise_servervulnerable

suse · linux_enterprise_software_development_kitvulnerable

oracle · solarisvulnerable

canonical · ubuntu_linuxvulnerable

References (20)

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html

Mailing ListThird Party Advisory