| Vulnerability Name: | CVE-2005-0145 (CCN-19170) | ||||||||
| Assigned: | 2005-01-24 | ||||||||
| Published: | 2005-01-24 | ||||||||
| Updated: | 2017-10-11 | ||||||||
| Summary: | Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-0145 Source: CCN Type: Mozilla Web site Firefox Source: CCN Type: MFSA 2005-07 Script-generated event can download without prompting Source: CONFIRM Type: Patch, Vendor Advisory http://www.mozilla.org/security/announce/mfsa2005-07.html Source: CCN Type: OSVDB ID: 13332 Mozilla Firefox File Download Prompt Alt-click Bypass Source: BID Type: UNKNOWN 12407 Source: CCN Type: BID-12407 Multiple Mozilla/Firefox/Thunderbird Vulnerabilities Source: CCN Type: USN-149-3 Ubuntu 4.10 update for Firefox vulnerabilities Source: CONFIRM Type: Patch, Vendor Advisory https://bugzilla.mozilla.org/show_bug.cgi?id=265176 Source: XF Type: UNKNOWN mozilla-script-click-event-bypass(19170) Source: XF Type: UNKNOWN mozilla-script-click-event-bypass(19170) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:100051 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||