CVE-2008-0591Mozilla Firefox vulnerability

6 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
7.3%
top 8.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Thunderbird
Timeline
PublishedFeb 9
Latest updateMay 1

Description

Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2".

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDmozilla/firefox2.0.0.11
NVDmozilla/thunderbird2.0.0.11

🔴Vulnerability Details

1
GHSA
GHSA-grpg-6mx5-wwhv: Mozilla Firefox before 22022-05-01

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2008-02-29
Ubuntu
Firefox vulnerabilities2008-02-08
Red Hat
Mozilla information disclosure flaw2008-02-07

💬Community

1
Bugzilla
CVE-2008-0591 Mozilla information disclosure flaw2008-02-06