Mozilla Foundation Security Advisory 2016-08
Delay following click events in file download dialog too short on OS X
- January 26, 2016
- Jordi Chancel
- Fixed in
- Firefox 44
Security researcher Jordi Chancel reported an issue on OS X where the delay between the download dialog getting focus and the button getting enabled was too short. If an attacker is able to induce the user to double-click in a specific location, they can then pass the second click through to the dialog below, leading to unintentional actions such as the running of downloaded software.
This issue only affects OS X installations. Windows, Linux, and Android installations are unaffected by it.