Unrated severityNVD Advisory· Published Feb 9, 2008· Updated Jun 16, 2026
CVE-2008-0591
CVE-2008-0591
Description
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=2.0.0.11
- (no CPE)range: <2.0.0.12
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <=2.0.0.11
- (no CPE)range: <2.0.0.12
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
Patches
Vulnerability mechanics
References
61- lcamtuf.coredump.cx/ffclick2/nvdExploit
- secunia.com/advisories/28754nvdVendor Advisory
- secunia.com/advisories/28758nvdVendor Advisory
- secunia.com/advisories/28766nvdVendor Advisory
- secunia.com/advisories/28808nvdVendor Advisory
- secunia.com/advisories/28818nvdVendor Advisory
- secunia.com/advisories/28839nvdVendor Advisory
- secunia.com/advisories/28864nvdVendor Advisory
- secunia.com/advisories/28865nvdVendor Advisory
- secunia.com/advisories/28877nvdVendor Advisory
- secunia.com/advisories/28879nvdVendor Advisory
- secunia.com/advisories/28924nvdVendor Advisory
- secunia.com/advisories/28939nvdVendor Advisory
- secunia.com/advisories/28958nvdVendor Advisory
- secunia.com/advisories/29049nvdVendor Advisory
- secunia.com/advisories/29086nvdVendor Advisory
- secunia.com/advisories/29164nvdVendor Advisory
- secunia.com/advisories/29167nvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2008-0104.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2008-0105.htmlnvdVendor Advisory
- archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.htmlnvd
- browser.netscape.com/releasenotes/nvd
- lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.htmlnvd
- secunia.com/advisories/29567nvd
- secunia.com/advisories/30327nvd
- secunia.com/advisories/30620nvd
- securityreason.com/securityalert/2781nvd
- sunsolve.sun.com/search/document.donvd
- support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.htmlnvd
- wiki.rpath.com/Advisories:rPSA-2008-0051nvd
- wiki.rpath.com/Advisories:rPSA-2008-0093nvd
- wiki.rpath.com/wiki/Advisories:rPSA-2008-0093nvd
- www.debian.org/security/2008/dsa-1484nvd
- www.debian.org/security/2008/dsa-1485nvd
- www.debian.org/security/2008/dsa-1489nvd
- www.debian.org/security/2008/dsa-1506nvd
- www.gentoo.org/security/en/glsa/glsa-200805-18.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mozilla.org/security/announce/2008/mfsa2008-08.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0103.htmlnvd
- www.securityfocus.com/archive/1/470446/100/0/threadednvd
- www.securityfocus.com/archive/1/487826/100/0/threadednvd
- www.securityfocus.com/archive/1/488002/100/0/threadednvd
- www.securityfocus.com/archive/1/488971/100/0/threadednvd
- www.securityfocus.com/bid/24293nvd
- www.securityfocus.com/bid/27683nvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-576-1nvd
- www.vupen.com/english/advisories/2008/0453/referencesnvd
- www.vupen.com/english/advisories/2008/0454/referencesnvd
- www.vupen.com/english/advisories/2008/0627/referencesnvd
- www.vupen.com/english/advisories/2008/1793/referencesnvd
- bugzilla.mozilla.org/show_bug.cginvd
- issues.rpath.com/browse/RPL-1995nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10900nvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.htmlnvd
News mentions
0No linked articles in our index yet.