CVE-2014-1561
First published: Wed Jul 23 2014(Updated: )
Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <=30.0 | |
| Oracle Solaris | =11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/59760
- http://secunia.com/advisories/60628
- http://www.mozilla.org/security/announce/2014/mfsa2014-60.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1030619
- https://bugzilla.mozilla.org/show_bug.cgi?id=1000514
- https://bugzilla.mozilla.org/show_bug.cgi?id=910375
- https://security.gentoo.org/glsa/201504-01
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/30.0
- vendor/oracle
- canonical/oracle solaris
- version/oracle solaris/11.3