CVE-2014-1539Improper Input Validation in Mozilla Firefox

CWE-20Improper Input Validation2 documents2 sources
Severity
5.0MEDIUMNVD
EPSS
0.8%
top 26.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Thunderbird
Timeline
PublishedJun 11
Latest updateMay 14

Description

Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDmozilla/firefox29.0.1

🔴Vulnerability Details

1
GHSA
GHSA-cjw6-xjvr-q9rx: Mozilla Firefox before 302022-05-14