Endpoint Vulnerability

Missing delay following user click events in protocol handler dialog

Description

Security researcher window reported an issue where the protocol handler dialog appears, double click events are treated as two single click events. This was caused by the lack of a delay following the initial focus in the file download dialog. This could cause a second dialog to be sent the second click, leading to unintentional user initiated actions, such as the running of downloaded software from a maliciously positioned prompt.

Affected Products

Firefox

References

CVE-2016-1937,