Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR 64-bit

Download Firefox ESR 32-bit

Download a different build

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR
Firefox Privacy Notice
Get Mozilla VPN

Mozilla Foundation Security Advisory 2005-07

Script-generated event can download without prompting

Announced
January 21, 2005
Reporter
Omar Khan
Impact
High
Products
Firefox
Fixed in
  • Firefox 1

Description

Script-generated click events were indistinguishable from true clicks. Combined with the Firefox Alt+click feature that downloads links to the default location without prompting this could be used by malicious sites to place executables or other malware onto a windows user's desktop without their knowing, or simply attempt to fill their disk.

Mozilla 1.7.5 was also fixed to distinguish synthetic from true clicks, but didn't suffer from unprompted downloads.

Workaround

Disable javascript or upgrade to fixed version.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=265176