Mozilla Firefox CVE-2016-1937 Cross Site Scripting Vulnerability
Description
Security researcher window reported an issue where the protocol handler dialog appears, double click events are treated as two single click events. This was caused by the lack of a delay following the initial focus in the file download dialog. This could cause a second dialog to be sent the second click, leading to unintentional user initiated actions, such as the running of downloaded software from a maliciously positioned prompt.
Affected Applications
Firefox