CVE-2014-1561

high

Description

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.

References

https://security.gentoo.org/glsa/201504-01

https://bugzilla.mozilla.org/show_bug.cgi?id=910375

https://bugzilla.mozilla.org/show_bug.cgi?id=1000514

http://www.securitytracker.com/id/1030619

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.mozilla.org/security/announce/2014/mfsa2014-60.html

http://secunia.com/advisories/60628

http://secunia.com/advisories/59760

Details

Source: Mitre, NVD

Published: 2014-07-23

Updated: 2017-01-07

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High