4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
57.1%
The file-download implementation in Mozilla Firefox before 27.0 and
SeaMonkey before 2.24 does not properly restrict the timing of button
selections, which allows remote attackers to conduct clickjacking attacks,
and trigger unintended launching of a downloaded file, via a crafted web
site.