CVE-2008-0591

Severity

43%

Complexity

86%

Confidentiality

48%

Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2".

Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2".

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).

Overview

Type

Mozilla

First reported 17 years ago

2008-02-09 00:00:00

Last updated 6 years ago

2018-10-15 22:01:00

Affected Software

Mozilla Firefox

Mozilla Thunderbird

References

20070604 Assorted browser vulnerabilities

http://browser.netscape.com/releasenotes/

http://lcamtuf.coredump.cx/ffclick2/

Exploit

SUSE-SA:2008:008

28754

Vendor Advisory

28758

Vendor Advisory

28766

Vendor Advisory

28808

Vendor Advisory

28818

Vendor Advisory

28839

Vendor Advisory

28864

Vendor Advisory

28865

Vendor Advisory

28877

Vendor Advisory

28879

Vendor Advisory

28924

Vendor Advisory

28939

Vendor Advisory

28958

Vendor Advisory

29049

Vendor Advisory

29086

Vendor Advisory

29164

Vendor Advisory

29167

Vendor Advisory

29567

30327

30620

2781

238492

http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html

http://wiki.rpath.com/Advisories:rPSA-2008-0051

http://wiki.rpath.com/Advisories:rPSA-2008-0093

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093

DSA-1484

DSA-1485

DSA-1489

DSA-1506

GLSA-200805-18

MDVSA-2008:048

MDVSA-2008:062

http://www.mozilla.org/security/announce/2008/mfsa2008-08.html

RHSA-2008:0103

RHSA-2008:0104

Vendor Advisory

RHSA-2008:0105

Vendor Advisory

20070604 Assorted browser vulnerabilities

20080209 rPSA-2008-0051-1 firefox

20080212 FLEA-2008-0001-1 firefox

20080229 rPSA-2008-0093-1 thunderbird

24293

27683

1019339

USN-576-1

ADV-2008-0453

ADV-2008-0454

ADV-2008-0627

ADV-2008-1793

https://bugzilla.mozilla.org/show_bug.cgi?id=376473

https://issues.rpath.com/browse/RPL-1995

oval:org.mitre.oval:def:10900

FEDORA-2008-1435

FEDORA-2008-1459

FEDORA-2008-1535

FEDORA-2008-2060

FEDORA-2008-2118

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.