Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the dialog refocus bug or ffclick2.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 2.0.0.11 (including) |
| Thunderbird | Mozilla | * | 2.0.0.11 (including) |
| Red Hat Enterprise Linux 2.1 | RedHat | seamonkey-0:1.0.9-0.9.el2 | * |
| Red Hat Enterprise Linux 3 | RedHat | seamonkey-0:1.0.9-0.9.el3 | * |
| Red Hat Enterprise Linux 4 | RedHat | firefox-0:1.5.0.12-0.10.el4 | * |
| Red Hat Enterprise Linux 4 | RedHat | seamonkey-0:1.0.9-9.el4 | * |
| Red Hat Enterprise Linux 4 | RedHat | thunderbird-0:1.5.0.12-8.el4 | * |
| Red Hat Enterprise Linux 5 | RedHat | firefox-0:1.5.0.12-9.el5 | * |
| Red Hat Enterprise Linux 5 | RedHat | thunderbird-0:1.5.0.12-8.el5 | * |
| Firefox | Ubuntu | dapper | * |
| Firefox | Ubuntu | edgy | * |
| Firefox | Ubuntu | feisty | * |
| Firefox | Ubuntu | gutsy | * |
| Firefox | Ubuntu | hardy | * |
| Firefox | Ubuntu | upstream | * |
| Iceape | Ubuntu | gutsy | * |
| Mozilla-thunderbird | Ubuntu | dapper | * |
| Mozilla-thunderbird | Ubuntu | edgy | * |
| Mozilla-thunderbird | Ubuntu | feisty | * |
| Mozilla-thunderbird | Ubuntu | upstream | * |
| Seamonkey | Ubuntu | devel | * |
| Seamonkey | Ubuntu | hardy | * |
| Seamonkey | Ubuntu | intrepid | * |
| Thunderbird | Ubuntu | devel | * |
| Thunderbird | Ubuntu | gutsy | * |
| Thunderbird | Ubuntu | hardy | * |
| Thunderbird | Ubuntu | intrepid | * |
| Thunderbird | Ubuntu | upstream | * |
| Xulrunner | Ubuntu | devel | * |
| Xulrunner | Ubuntu | edgy | * |
| Xulrunner | Ubuntu | feisty | * |
| Xulrunner | Ubuntu | gutsy | * |
| Xulrunner | Ubuntu | hardy | * |
| Xulrunner | Ubuntu | intrepid | * |
| Xulrunner | Ubuntu | upstream | * |