You are here: Known Vulnerabilities in Mozilla Products (Firefox 1.0) > MFSA 2005-07
Mozilla Foundation Security Advisory 2005-07
Title: Script-generated event can download without prompting
Severity: High (Firefox)
Reporter: Omar Khan
Fixed in: Firefox 1.0
Script-generated click events were indistinguishable from true clicks. Combined with the Firefox Alt+click feature that downloads links to the default location without prompting this could be used by malicious sites to place executables or other malware onto a windows user's desktop without their knowing, or simply attempt to fill their disk.
Mozilla 1.7.5 was also fixed to distinguish synthetic from true clicks, but didn't suffer from unprompted downloads.