CVE-2014-1561
Mozilla Firefox < 30.0 - UI Spoofing via Drag-and-Drop Event Handling
Title source: llmDescription
Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.
References (8)
Core 8
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=910375
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2014/mfsa2014-60.html
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1000514
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030619
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60628
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59760
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Scores
EPSS
0.0075
EPSS Percentile
73.5%
Details
CWE
CWE-264
Status
published
Products (2)
mozilla/firefox
< 30.0
oracle/solaris
11.3
Published
Jul 23, 2014
Tracked Since
Feb 18, 2026