CVE-2015-0810Improper Input Validation in Mozilla Firefox

CWE-20Improper Input Validation3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 39.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedApr 1
Latest updateMay 17

Description

Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/firefox36.0.4

🔴Vulnerability Details

1
GHSA
GHSA-7w2r-5rh4-3w9j: Mozilla Firefox before 372022-05-17

💬Community

1
Bugzilla
(CVE-2015-0810) Mozilla Firefox for Mac OS X : Cursor can be totally invisible using a flash object which renders the cursor invisible on it and the JavaScript function "Alert()" on another tab previo2015-01-15