{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2779?format=json","vulnerability_id":"VCID-sxun-heha-vqhd","summary":"Security researcher Jordi Chancel reported that the dialog\nfor saving downloaded files did not implement a security timeout before button\nselections were processed. This could be used in concert with spoofing to\nconvince users to select a different option than intended, causing downloaded\nfiles to be potentially opened instead of only saved in some circumstances.\nIn general this flaw cannot be exploited through email in the\nSeamonkey product because scripting is disabled in mail, but is potentially a\nrisk in browser or browser-like contexts.","aliases":[{"alias":"CVE-2014-1480"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1160?format=json","purl":"pkg:mozilla/Firefox@27.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@27.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1161?format=json","purl":"pkg:mozilla/Seamonkey@2.24.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.24.0"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1480","reference_id":"CVE-2014-1480","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1480"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-03","reference_id":"mfsa2014-03","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-03"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sxun-heha-vqhd"}