CVE-2014-1561 — Mozilla Firefox vulnerability

CWE-2647 documents6 sources

Severity

5.8MEDIUMNVD

OSV10.0

EPSS

0.8%

top 26.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Oracle Solaris

Timeline

PublishedJul 23

Latest updateMay 17

Description

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

▶Ubuntumozilla/firefox< 31.0+build1-0ubuntu0.14.04.1

▶NVDmozilla/firefox30.0

▶NVDoracle/solaris11.3

🔴Vulnerability Details

GHSA

GHSA-pp62-p6gv-gqgj: Mozilla Firefox before 31↗2022-05-17

▶

OSV

firefox vulnerabilities↗2014-07-22

▶

OSV

CVE-2014-1561: Mozilla Firefox before 31↗2014-07-22

▶

📋Vendor Advisories

Red Hat

Mozilla: Toolbar dialog customization event spoofing (MFSA 2014-60)↗2014-07-22

▶

Ubuntu

Firefox vulnerabilities↗2014-07-22

▶

💬Community

Bugzilla

CVE-2014-1561 Mozilla: Toolbar dialog customization event spoofing (MFSA 2014-60)↗2014-07-21

▶