CVE-2014-1561
CVSS v2.0
5.8 (Medium)
EPSS
0.67 % (80th)
Affected Products
2
Advisories
3
Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.
Weaknesses
- CWE-264
- Permissions, Privileges, and Access Controls
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2014-07-23 11:12:43
(10 years ago) - Updated Date
-
2017-01-07 02:59:40
(7 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...