CVE-2008-0591
CVE-2008-0591
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2".
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.htmlhttp://browser.netscape.com/releasenotes/http://lcamtuf.coredump.cx/ffclick2/http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=376473http://secunia.com/advisories/28754http://secunia.com/advisories/28758http://secunia.com/advisories/28766http://secunia.com/advisories/28808http://secunia.com/advisories/28818http://secunia.com/advisories/28839http://secunia.com/advisories/28864