Mozilla Foundation Security Advisory 2016-06

Missing delay following user click events in protocol handler dialog

Announced
January 26, 2016
Reporter
window
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 44

Description

Security researcher window reported an issue where the protocol handler dialog appears, double click events are treated as two single click events. This was caused by the lack of a delay following the initial focus in the file download dialog. This could cause a second dialog to be sent the second click, leading to unintentional user initiated actions, such as the running of downloaded software from a maliciously positioned prompt.

References