• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla Firefox Action Prompt Delay Security Mechanism Bypass Vulnerability

Mozilla Firefox is prone to a security-mechanism-bypass vulnerability because it fails to adequately prevent action prompt options from being selected before a delay timer has finished counting down.

Attackers can exploit this issue to initiate downloads or run files on a user's computer without their knowledge or consent. Successful attacks can allow arbitrary code to run with the privileges of the user running the application.

This issue is reportedly being tracked by Bugzilla Bug 376473.

Firefox 2.0.0.11 and prior versions are vulnerable.