Endpoint Vulnerability

UI selection timeout missing on download prompts

Description

Security researcher Jordi Chancel reported that the dialog for saving downloaded files did not implement a security timeout before button selections were processed. This could be used in concert with spoofing to convince users to select a different option than intended, causing downloaded files to be potentially opened instead of only saved in some circumstances.

Affected Products

Firefox

References

CVE-2014-1480,