Delay following click events in file download dialog too short on OS X
Announced: January 26, 2016
Reporter: Jordi Chancel
Fixed in: Firefox 44
Security researcher Jordi Chancel reported an issue on OS X where the delay between the download dialog getting focus and the button getting enabled was too short. If an attacker is able to induce the user to double-click in a specific location, they can then pass the second click through to the dialog below, leading to unintentional actions such as the running of downloaded software.
Vulnerability demonstration (video):