Red Hat Bugzilla – Bug 1301823
CVE-2016-1937 Mozilla: Missing delay following user click events in protocol handler dialog (MFSA 2016-06)
Last modified: 2016-01-26 23:50:52 EST
Security researcher window reported an issue where, when the protocol handler dialog appears, double-click events are treated as two single-click events. This was caused by the lack of a delay following the initial focus in the file download dialog. This could cause the second click to be sent to a second dialog, leading to unintentional user-initiated actions, such as the running of downloaded software from a maliciously positioned prompt.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges window as the original reporter.
This issue does not affect the versions of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.
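The following is an added, simplified model of the behaviour described above and of the focus-delay mitigation; it is not Mozilla or Red Hat code. The class, the function names, the 1000 ms guard interval and the click timings are assumptions chosen for illustration.

```javascript
// Simplified model: a dialog ignores clicks on its accept button until
// `delayMs` has elapsed since it received focus. delayMs = 0 models the
// missing delay described in the advisory.
const SECURITY_DELAY_MS = 1000; // assumed guard interval, for illustration

class Dialog {
  constructor(name, delayMs) {
    this.name = name;
    this.delayMs = delayMs;
    this.focusedAt = null; // timestamp (ms) of the last focus event
    this.accepted = false;
  }
  focus(now) {
    this.focusedAt = now;
  }
  // A click on the accept button at time `now` (ms).
  click(now) {
    if (this.focusedAt === null) return false; // dialog not shown yet
    if (now - this.focusedAt < this.delayMs) return false; // inside guard window
    this.accepted = true;
    return true;
  }
}

// Replays a constructed double click, delivered as two single clicks
// `gapMs` apart. The first click is intended for the first dialog; the
// second dialog takes focus `openLagMs` later, under the same pointer.
function replayDoubleClick(delayMs, gapMs = 150, openLagMs = 20) {
  const first = new Dialog("protocol-handler", delayMs);
  const second = new Dialog("file-download", delayMs);
  first.focus(-5000); // first dialog has been on screen for 5 s
  first.click(0); // click the user meant to make
  second.focus(openLagMs); // second dialog appears and gains focus
  second.click(gapMs); // second half of the double click lands here
  return { first: first.accepted, second: second.accepted };
}

// A deliberate click made after the guard interval is still honoured.
function deliberateClick(delayMs, waitMs) {
  const d = new Dialog("file-download", delayMs);
  d.focus(0);
  return d.click(waitMs);
}

console.log("no delay:  ", replayDoubleClick(0));
console.log("with delay:", replayDoubleClick(SECURITY_DELAY_MS));
```
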