CVE-2014-1480

MEDIUM Year: 2014
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-1021
View all →

Vulnerability Description

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.

Related Vulnerabilities

CVE-2022-2734

CRITICAL
CVSS:10.0(Critical)

Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.

CWE-10212022

CVE-2022-3167

CRITICAL
CVSS:10.0(Critical)

Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1.

CWE-10212022

CVE-2016-2496

CRITICAL
CVSS:9.8(Critical)

The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially ove...

CWE-10212016

CVE-2021-23274

CRITICAL
CVSS:9.8(Critical)

The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an un...

CWE-10212021

CVE-2021-43048

CRITICAL
CVSS:9.8(Critical)

The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to exe...

CWE-10212021

CVE-2021-21111

CRITICAL
CVSS:9.6(Critical)

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a...

CWE-10212021