CVE-2008-0591

CVSS v2.0 4.3 (Medium)

EPSS 8.34 % (95^th)

Affected Products 2

Advisories 11

Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2".

Weaknesses

CWE-NVD-Other

Related CVEs

CVE-2007-3090

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2008-02-09 00:00:00
(16 years ago)
Updated Date: 2018-10-15 22:01:20
(6 years ago)

Affected Products

Mozilla

Firefox
Thunderbird

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 2.0.0.11 and prior versions	cpe:2.3:a:mozilla:firefox		<= 2.0.0.11
	Mozilla Thunderbird 2.0.0.11 and prior versions	cpe:2.3:a:mozilla:thunderbird		<= 2.0.0.11