Mozilla Firefox File Action Dialog Refocus Vulnerability

  Severity: MEDIUM
  CVE Identifier: CVE-2008-0591
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2".

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1001771
  Trend Micro Deep Security DPI Rule Name: 1001771 - Mozilla Firefox File Action Dialog Refocus Vulnerability

  AFFECTED SOFTWARE AND VERSION

  • Mozilla Firefox 2.0.0.11

Featured Stories